Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance

نویسندگان

  • Phillip Rogaway
  • Thomas Shrimpton
چکیده

We consider basic notions of security for cryptographic hash functions: collision resistance,preimage resistance, and second-preimage resistance. We give seven different definitions thatcorrespond to these three underlying ideas, and then we work out all of the implications andseparations among these seven definitions within the concrete-security, provable-security frame-work. Because our results are concrete, we can show two types of implications, conventional andprovisional , where the strength of the latter depends on the amount of compression achieved bythe hash function. We also distinguish two types of separations, conditional and unconditional .When constructing counterexamples for our separations, we are careful to preserve specifiedhash-function domains and ranges; this rules out some pathological counterexamples and makesthe separations more meaningful in practice. Four of our definitions are standard while threeappear to be new; some of our relations and separations have appeared, others have not. Herewe give a modern treatment that acts to catalog, in one place and with carefully-considerednomenclature, the most basic security notions for cryptographic hash functions.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Weak Security Notions of Cryptographic Unkeyed Hash Functions and Their Amplifiability

Cryptographic unkeyed hash functions should satisfy preimage resistance, second-preimage resistance and collision resistance. In this article, weak second-preimage resistance and weak collision resistance are defined following the definition of weak one-wayness. Preimage resistance is one-wayness of cryptographic hash functions. The properties of weak collision resistance is discussed in this a...

متن کامل

The Symbiosis between Collision and Preimage Resistance

We revisit the definitions of preimage resistance, focussing on the question of finding a definition that is simple enough to prove security against, yet flexible enough to be of use for most applications. We show that—counter to what was previously thought—Rogaway and Shrimpton’s notion of everywhere preimage resistance on its own does not fit this bill. We thus set out to fix the situation. O...

متن کامل

Properties of Cryptographic Hash Functions

This paper extends the work of Rogaway and Shrimpton [6], where they formalized seven security properties: notions of preimage resistance (Pre, aPre, ePre), second-preimage resistance (Sec, aSec, eSec) and collision resistance (Coll). They also give all the implications and separations among the properties. In this paper we consider three additional security properties which are important in ap...

متن کامل

On a Probabilistic Approach to the Security Analysis of Cryptographic Hash Functions

In this paper we focus on the three basic security requirements for a cryptographic hash function, commonly referred as preimage, second preimage and collision resistance. We examine these security requirements in the case of attacks which do not take advantage on how the hash function is computed, expressing them as success probabilities of suitable randomized algorithms. We give exact mathema...

متن کامل

The First 30 Years of Cryptographic Hash Functions and the NIST SHA-3 Competition

The first designs of cryptographic hash functions date back to the late 1970s; more proposals emerged in the 1980s. During the 1990s, the number of hash function designs grew very quickly, but for many of these proposals security flaws were identified. MD5 and SHA-1 were deployed in an ever increasing number of applications, resulting in the name “Swiss army knifes” of cryptography. In spite of...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2004  شماره 

صفحات  -

تاریخ انتشار 2004