Improved Rate Upper Bound of Collision Resistant Compression Functions

نویسنده

  • Richard Ostertág
چکیده

Based on Stanek’s results [1] we know that in model with integer rate PGV like compression functions no high speed collision resistant compression functions exist. Thus we try to study more general multiple block ciphers based model of compression functions with rational rate, like 6/5. We show a new upper bound of the rate of collision resistant compression functions in this model. 1 Motivation and goals The cryptographic hash functions are a basic building block of many other cryptographic constructions (such as digital signature schemes, message authentication code, . . .). For more complete overview see e.g. [2, 3]. Majority of modern hash functions is based on Merkle-Damgård paradigm [4, 5]. Many compression functions are explicitly based on block cipher. Even some of “dedicated” hash functions (which were not constructed in this way) have this structure. For example, it is possible to extract 160 bits block cipher with 512 bits key (called SHACAL-1) from compression function implemented in SHA-1 hash function [6]. The idea of hash function construction by iterating block cipher is at least 30 years old [7]. Nevertheless no systematic analysis of this idea was done until 1994. In this year Preneel, Govaerts and Vandewalle done the first systematic study of 64 hash functions based on block cipher [8]. Thereafter Black, Rogaway and Shrimpton [9] analyzed these constructions in blackbox model and showed that 20 of them are collision resistant up to birthday-attack bound. At least from the usability point of view, speed is important property of hash function. So it is only natural to attempt to speedups it. One of possible speedups of iterated hash functions based on block ciphers is increasing the number of input message blocks processed by one use of block cipher. Another possibility of speedup is a restriction of keys used in all block ciphers to a small fixed set of keys. Then it is possible to pre-schedule subkeys for each round of used block ciphers, whereby saving a big amount of work. ? Supported by VEGA grant No. 1/0266/09. Traditional constructions [8] of hash functions require one block cipher transformation per input message block (so called rate-1 hash functions) and they require rekeying for every input message block. Black, Cochran and Shrimpton [10] showed in year 2005 that it is not possible to construct a provably secure rate-1 iterated hash function based on block cipher, which uses only small fixed set of keys. For these reasons our goal is to maximize rate of iterated hash function based on block cipher. In other words, we attempt to maximize the number of input message blocks processed by a single block cipher invocation.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On High-Rate Cryptographic Compression Functions

The security of iterated hash functions relies on the properties of underlying compression functions. We study highly efficient compression functions based on block ciphers. We propose a model for highrate compression functions, and give an upper bound for the rate of any collision resistant compression function in our model. In addition, we show that natural generalizations of constructions by...

متن کامل

Analysis of Fast Blockcipher-Based Hash Functions

An important property of a hash function is the performance. We study fast iterated hash functions based on block ciphers. These hash functions and their compression functions are analyzed in the standard black-box model. We show an upper bound on rate of any collision resistant hash function. In addition, we improve known bound on the rate of collision resistant compression functions.

متن کامل

Provable Security of the Knudsen-Preneel Compression Functions

This paper discusses the provable security of the compression functions introduced by Knudsen and Preneel [?,?,?] that use linear error-correcting codes to build wide-pipe compression functions from underlying blockciphers operating in Davies-Meyer mode. In the information theoretic model, we prove that the Knudsen-Preneel compression function based on an [r, k, d]2e code is collision resistant...

متن کامل

Revised: Block Cipher Based Hash Function Construction From PGV

Preneel, Govaerts, and Vandewalle[12] considered the 64 most basic ways to construct a hash function from a block cipher, and regarded 12 of these 64 schemes as secure. Black, Pogaway and Shrimpton[3] proved that, in black-box model, the 12 schemes that PGV singled out as secure really are secure and given tight upper and lower bounds on their collision resistance. And also they pointed out, by...

متن کامل

Hash Functions Based on Block Ciphers and Quaternary Codes

We consider constructions for cryptographic hash functions based onm-bit block ciphers. First we present a new attack on the LOKIDBH mode: the attack finds collisions in 2 encryptions, which should be compared to 2 encryptions for a brute force attack. This attack breaks the last remaining subclass in a wide class of efficient hash functions which have been proposed in the literature. We then a...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2009