On the Impossibility of Efficiently Combining Collision Resistant Hash Functions
نویسندگان
چکیده
Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1 and H2 clearly works, but at the cost of doubling the hash output size. We ask whether a better construction exists, namely, can we hedge our bets without doubling the size of the output? We take a step towards answering this question in the negative — we show that any secure construction that evaluates each hash function once cannot output fewer bits than simply concatenating the given functions.
منابع مشابه
A Generalization of PGV-Hash Functions and Security Analysis in Black-Box Model
In [1] it was proved that 20 out of 64 PGV-hash functions [2] based on block cipher are collision resistant and one-way-secure in blackbox model of the underlying block cipher. Here, we generalize the definition of PGV-hash function into a hash family and prove that besides the previous 20 hash functions we have 22 more collision resistant and one-way secure hash families. As all these 42 famil...
متن کاملCombining properties of cryptographic hash functions
A “strong” cryptographic hash function suitable for practical applications should simultaneously satisfy many security properties, like pseudo-randomness, collision resistance and unforgeability. This paper shows how to combine two hash function families each satisfying different security property into one hash function family, which satisfies both properties. In particular, given two hash func...
متن کاملWeak Security Notions of Cryptographic Unkeyed Hash Functions and Their Amplifiability
Cryptographic unkeyed hash functions should satisfy preimage resistance, second-preimage resistance and collision resistance. In this article, weak second-preimage resistance and weak collision resistance are defined following the definition of weak one-wayness. Preimage resistance is one-wayness of cryptographic hash functions. The properties of weak collision resistance is discussed in this a...
متن کاملHow to Fill Up Merkle-Damgård Hash Functions
Many of the popular Merkle-Damg̊ard hash functions have turned out to be not collision-resistant (CR). The problem is that we no longer know if these hash functions are even second-preimage-resistant (SPR) or one-way (OW), without the underlying compression functions being CR. We remedy this situation by introducing the “split padding” into a current Merkle-Damg̊ard hash function H. The patched h...
متن کاملAnalysis of Fast Blockcipher-Based Hash Functions
An important property of a hash function is the performance. We study fast iterated hash functions based on block ciphers. These hash functions and their compression functions are analyzed in the standard black-box model. We show an upper bound on rate of any collision resistant hash function. In addition, we improve known bound on the rate of collision resistant compression functions.
متن کامل