Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Fast and Secure Hashing Based on Codes
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Hash Functions Based on Block Ciphers and Quaternary Codes
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
The Collision Intractability of MDC-2 in the Ideal-Cipher Model
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Fast Software Encryption
Building a Collision-Resistant Compression Function from Non-compressing Primitives
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Preimages for Reduced SHA-0 and SHA-1
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Blockcipher-Based Hashing Revisited
Fast Software Encryption
Security of Cyclic Double Block Length Hash Functions
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Another Glance at Double-Length Hashing
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Hash functions based on block ciphers
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
How to build a hash function from any collision-resistant function
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Security/efficiency tradeoffs for permutation-based hashing
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Attacking the Knudsen-Preneel compression functions
FSE'10 Proceedings of the 17th international conference on Fast software encryption
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
The collision security of tandem-DM in the ideal cipher model
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Efficient hashing using the AES instruction set
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Analysis of step-reduced SHA-256
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of highly-efficient blockcipher-based hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Provably secure double-block-length hash functions in a black-box model
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
The preimage security of double-block-length compression functions
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Construction of secure and fast hash functions using nonbinary error-correcting codes
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
This paper discusses the provable security of the compression functions introduced by Knudsen and Preneel [11,12,13] that use linear error-correcting codes to build wide-pipe compression functions from underlying blockciphers operating in Davies-Meyer mode. In the information theoretic model, we prove that the Knudsen-Preneel compression function based on an $[r, k,d]_{2^e}$ code is collision resistant up to $2^{\frac{(r-d+1)n}{2r-3d+3}}$ query complexity if 2d≤r+1 and collision resistant up to $2^{\frac{rn}{2r-2d+2}}$ query complexity if 2dr+1. For MDS code based Knudsen-Preneel compression functions, this lower bound matches the upper bound recently given by Özen and Stam [23]. A preimage security proof of the Knudsen-Preneel compression functions has been first presented by Özen et al. (FSE '10). In this paper, we present two alternative proofs that the Knudsen-Preneel compression functions are preimage resistant up to $2^{\frac{rn}{k}}$ query complexity. While the first proof, using a wish list argument, is presented primarily to illustrate an idea behind our collision security proof, the second proof provides a tighter security bound compared to the original one.