Indifferentiability of Single-Block-Length and Rate-1 Compression Functions
نویسندگان
چکیده
The security notion of indifferentiability was proposed by Maurer, Renner, and Holenstein in 2004. In 2005, Coron, Dodis, Malinaud, and Puniya discussed the indifferentiability of hash functions. They showed that the Merkle-Damg̊ard construction is not secure in the sense of indifferentiability. In this paper, we analyze the security of single-block-length and rate-1 compression functions in the sense of indifferentiability. We formally show that all single-block-length and rate-1 compression functions, which include the Davies-Meyer compression function, are insecure. Furthermore, we show how to construct a secure single-block-length and rate-1 compression function in the sense of indifferentiability. This does not contradict our result above.
منابع مشابه
Indifferentiability of Double Length Compression Functions
Double block length hashing covers the idea of constructing a compression function on 2n bits using an n-bit block cipher. In this work, we present a comprehensive indifferentiability analysis of all relevant double length compression functions. Indifferentiability is a stronger security notion than collision and preimage resistance and ensures that a design has no structural flaws. It is very ...
متن کاملIndifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding
Understanding what construction strategy has a chance to be a good hash function is extremely important nowadays. In TCC’04, Maurer et al. [13] introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two systems. In Crypto’2005, Coron et al. [5] suggested to employ indifferentiability in generic analysis of hash functions and started by sug...
متن کاملOn the Indifferentiability of the Sponge Construction
In this paper we prove that the sponge construction introduced in [4] is indifferentiable from a random oracle when being used with a random transformation or a random permutation and discuss its implications. To our knowledge, this is the first time indifferentiability has been shown for a construction calling a random permutation (instead of an ideal compression function or ideal block cipher...
متن کاملA Unified Indifferentiability Proof for Permutation- or Block Cipher-Based Hash Functions
In the recent years, several hash constructions have been introduced that aim at achieving enhanced security margins by strengthening the Merkle-Damgård mode. However, their security analysis have been conducted independently and using a variety of proof methodologies. This paper unifies these results by proposing a unique indifferentiability proof that considers a broadened form of the general...
متن کاملMore Insights on Blockcipher-Based Hash Functions
In this paper we give more insights on the security of blockcipherbased hash functions. We give a very simple criterion to build a secure large class of Single-Block-Length (SBL) or double call DoubleBlock-Length (DBL) compression functions based on (kn, n) blockciphers, where kn is the key length and n is the block length and k is an integer. This criterion is simpler than previous works in th...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IEICE Transactions
دوره 90-A شماره
صفحات -
تاریخ انتشار 2006