Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers

We propose a family of compression functions built from fixed-key blockciphers and investigate their collision and preimage security in the ideal-cipher model. The constructions have security approaching and in many cases equaling the security upper bounds found in previous work of the authors [24]. In particular, we describe a 2n-bit to n-bit compression function using three n-bit permutation calls that has collision security N0.5, where N= 2n, and we describe 3n-bit to 2n-bit compression functions using five and six permutation calls and having collision security of at least N0.55and N0.63.

[1]  Shoichi Hirose,et al.  Analysis of Double Block Length Hash Functions , 2003, IMACC.

[2]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[3]  Joos Vandewalle,et al.  On the Power of Memory in the Design of Collision Resistant Hash Functions , 1992, AUSCRYPT.

[4]  Shoichi Hirose,et al.  Some Plausible Constructions of Double-Block-Length Hash Functions , 2006, FSE.

[5]  Jean-Sébastien Coron,et al.  Merkle-Damgård Revisited: How to Construct a Hash Function , 2005, CRYPTO.

[6]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[7]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[8]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[9]  Thomas Ristenpart,et al.  How to Build a Hash Function from Any Collision-Resistant Function , 2007, ASIACRYPT.

[10]  John Black,et al.  On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions , 2005, EUROCRYPT.

[11]  John P. Steinberger,et al.  Security/Efficiency Tradeoffs for Permutation-Based Hashing , 2008, EUROCRYPT.

[12]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[13]  Thomas Peyrin,et al.  Combining Compression Functions and Block Cipher-Based Hash Functions , 2006, ASIACRYPT.

[14]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[15]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[16]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[17]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[18]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[19]  Mihir Bellare,et al.  Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms , 2007, ICALP.

[20]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[21]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[22]  G. V. Assche,et al.  Sponge Functions , 2007 .

[23]  Bart Preneel,et al.  Seven-Property-Preserving Iterated Hashing: ROX , 2007, ASIACRYPT.

[24]  Mridul Nandi Designs of Efficient Secure Large Hash Values , 2004, IACR Cryptol. ePrint Arch..

[25]  Bart Preneel,et al.  Attacks on Fast Double Block Length Hash Functions , 1998, Journal of Cryptology.

[26]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[27]  John P. Steinberger,et al.  The Collision Intractability of MDC-2 in the Ideal Cipher Model , 2007, IACR Cryptol. ePrint Arch..

[28]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[29]  Mihir Bellare,et al.  Multi-Property-Preserving Hash Domain Extension and the EMD Transform , 2006, ASIACRYPT.

[30]  Bruce Schneier One-way hash functions , 1991 .

[31]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[32]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[33]  A. Maximov,et al.  Fast computation of large distributions and its cryptographic applications , 2005 .

[34]  Antoine Joux,et al.  Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions , 2004, CRYPTO.

[35]  Thomas Shrimpton,et al.  Building a Collision-Resistant Compression Function from Non-compressing Primitives , 2008, ICALP.

[36]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[37]  Kaoru Kurosawa,et al.  Towards Secure and Fast Hash Functions , 1998 .

[38]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[39]  Guido Bertoni,et al.  On the Indifferentiability of the Sponge Construction , 2008, EUROCRYPT.

[40]  Stefan Lucks,et al.  A Failure-Friendly Design Principle for Hash Functions , 2005, ASIACRYPT.

[41]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[42]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[43]  Yevgeniy Dodis,et al.  A New Mode of Operation for Block Ciphers and Length-Preserving MACs , 2008, EUROCRYPT.