论文信息 - Mitigating collision and preimage attacks against the generalized MDC-2 mode of operation

Mitigating collision and preimage attacks against the generalized MDC-2 mode of operation

This paper proposes a set of mechanisms for enhancing the security of the generalized MDC-2 mode of operation. The MDC-2 [4] mode is used for constructing a double length hash function, using block cipher building blocks, and is believed to provide some collision resistance [4], [10]. Recently, several attacks on MDC-2 have been published - collision, first and second pre-image attacks, with complexity below the ideal [2], [7], [8]. In this paper we analyze the root-cause of these attacks, as applied to the generalized MDC-2 mode, and propose techniques for mitigating them. By mitigating we mean that with our amendments the attacks are either not applicable, or their complexity is pushed to ideal.

Michael E. Kounavis | Shay Gueron

[1] Florian Mendel,et al. Cryptanalysis of Vortex , 2009, AFRICACRYPT.

[2] Mihir Bellare,et al. Multi-Property-Preserving Hash Domain Extension and the EMD Transform , 2006, ASIACRYPT.

[3] Michael E. Kounavis,et al. Vortex: A New Family of One-Way Hash Functions Based on AES Rounds and Carry-Less Multiplication , 2008, ISC.

[4] Ivan Damgård,et al. A Design Principle for Hash Functions , 1989, CRYPTO.

[5] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[6] Frederic P. Miller,et al. Advanced Encryption Standard , 2009 .

[7] Xuejia Lai,et al. Hash Function Based on Block Ciphers , 1992, EUROCRYPT.

[8] Florian Mendel,et al. Cryptanalysis of MDC-2 , 2009, EUROCRYPT.

[9] John P. Steinberger,et al. The Collision Intractability of MDC-2 in the Ideal Cipher Model , 2007, IACR Cryptol. ePrint Arch..