Provably-secure cryptographic hash functions

  • Authors:
  • Phillip Rogaway;Thomas Eric Shrimpton

  • Venue:
  • Provably-secure cryptographic hash functions
  • Year:
  • 2004

Abstract

This thesis studies cryptographic hash functions, which are families of functions that map a large domain (typically {0, 1}*) into a set of fixed-length strings, and that possess certain hardness properties. These properties, commonly called preimage resistance, second-preimage resistance, and collision resistance, are explored in detail in order to establish a set of formal security definitions for them. We state three definitions for each of the first two hardness properties and one for the third, and then give a precise analysis of the relationships among these seven notions. One method of creating a cryptographic hash function is to build it from a blockcipher (a keyed algorithm most commonly used for encryption). This thesis examines 64 blockcipher-based hash function constructions, and establishes provable upper and lower bounds on their security. In doing so, we provide solid formal footing for some folklore results, and also show that some constructions that were believed to be cryptographically inferior are, in fact, secure. All of the blockcipher-based constructions that we prove are secure require that the key to the blockcipher be allowed to change each time that the blockcipher is called. This is undesirable from a performance perspective because rekeying a modern blockcipher accounts for a large fraction of its total computational cost. Hence, we investigate whether or not it is possible to prove the security of a very general class of constructions in which the blockcipher key is fixed. Our results show that, in the model most often used for analyzing blockcipher-based hash functions, it is not possible to prove a good security bound for these fixed-key constructions.