Multi-Property-Preserving Hash Domain Extension and the EMD Transform
نویسندگان
چکیده
We point out that the seemingly strong pseudorandom oracle preserving (PRO-Pr) property of hash function domain-extension transforms defined and implemented by Coron et. al. [12] can actually weaken our guarantees on the hash function, in particular producing a hash function that fails to be even collision-resistant (CR) even though the compression function to which the transform is applied is CR. Not only is this true in general, but we show that all the transforms presented in [12] have this weakness. We suggest that the appropriate goal of a domain extension transform for the next generation of hash functions is to be multi-property preserving, namely that one should have a single transform that is simultaneously at least collision-resistance preserving, pseudorandom function preserving and PRO-Pr. We present an efficient new transform that is proven to be multi-property preserving in this sense.
منابع مشابه
Multi-Property-Preserving Hash Domain Extension: The EMD Transform
In this paper we (1) argue the benefits of replacing the current MD transform with a multi-property-preserving domain extension transform that guarantees numerous properties of the hash function assuming they hold of the compression function; (2) provide a practical, proven-secure multi-domain extension transform suitable for use with the next generation of hash functions; (3) point to some sub...
متن کاملCompression Functions Suitable for the Multi-Property-Preserving Transform
Since Bellare and Ristenpart showed a multi-property preserving domain extension transform, the problem of the construction for multi-property hash functions has been reduced to that of the construction for multi-property compression functions. However, the Davies-Meyer compression function that is widely used for standard hash functions is not a multi-property compression function. That is, in...
متن کاملBlack-Box Property of Cryptographic Hash Functions
We define a new black-box property for cryptographic hash function families H : {0, 1}×{0, 1}∗ → {0, 1} which guarantees that for a randomly chosen hash function HK from the family, everything “non-trivial” we are able to compute having access to the key K, we can compute only with oracle access to HK . If a hash function family is pseudo-random and has the black-box property then a randomly ch...
متن کاملAnalysis of Property-Preservation Capabilities of the ROX and ESh Hash Domain Extenders
Two of the most recent and powerful multi-property-preserving (MPP) hash domain extension transforms are the Ramdom-Oracle-XOR (ROX) transform and the Enveloped Shoup (ESh) transform. The former was proposed by Andreeva et al. at ASIACRYPT 2007 and the latter was proposed by Bellare and Ristenpart at ICALP 2007. In the existing literature, ten notions of security for hash functions have been co...
متن کاملEnhanced Target Collision Resistant Hash Functions Revisited
Enhanced Target Collision Resistance (eTCR) property for a hash function was put forth by Halevi and Krawczyk in Crypto 2006, in conjunction with the randomized hashing mode that is used to realize such a hash function family. eTCR is a strengthened variant of the well-known TCR (or UOWHF) property for a hash function family (i.e. a dedicated-key hash function). The contributions of this paper ...
متن کامل