Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance

We consider basic notions of security for cryptographic hash functions: collision resistance,preimage resistance, and second-preimage resistance. We give seven different definitions thatcorrespond to these three underlying ideas, and then we work out all of the implications andseparations among these seven definitions within the concrete-security, provable-security frame-work. Because our results are concrete, we can show two types of implications, conventional andprovisional , where the strength of the latter depends on the amount of compression achieved bythe hash function. We also distinguish two types of separations, conditional and unconditional .When constructing counterexamples for our separations, we are careful to preserve specifiedhash-function domains and ranges; this rules out some pathological counterexamples and makesthe separations more meaningful in practice. Four of our definitions are standard while threeappear to be new; some of our relations and separations have appeared, others have not. Herewe give a modern treatment that acts to catalog, in one place and with carefully-considerednomenclature, the most basic security notions for cryptographic hash functions.