Blockcipher-Based Hashing Revisited

We revisit the rate-1 blockcipher based hash functions as first studied by Preneel, Govaerts and Vandewalle (Crypto'93) and later extensively analysed by Black, Rogaway and Shrimpton (Crypto'02). We analyse a further generalization where any pre- and postprocessing is considered. This leads to a clearer understanding of the current classification of rate-1 blockcipher based schemes as introduced by Preneel et al. and refined by Black et al. In addition, we also gain insight in chopped, overloaded and supercharged compression functions. In the latter category we propose two compression functions based on a single call to a blockcipher whose collision resistance exceeds the birthday bound on the cipher's blocklength.

[1]  Guido Bertoni,et al.  On the Indifferentiability of the Sponge Construction , 2008, EUROCRYPT.

[2]  Je Hong Park,et al.  Adaptive Preimage Resistance and Permutation-based Hash Functions , 2009, IACR Cryptol. ePrint Arch..

[3]  Stefan Lucks,et al.  A Failure-Friendly Design Principle for Hash Functions , 2005, ASIACRYPT.

[4]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[5]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[6]  Shoichi Hirose Provably Secure Double-Block-Length Hash Functions in a Black-Box Model , 2004, ICISC.

[7]  The Ideal Cipher Model for MACs ? ? , 2003 .

[8]  Bart Preneel,et al.  Seven-Property-Preserving Iterated Hashing: ROX , 2007, ASIACRYPT.

[9]  Jean-Sébastien Coron,et al.  Merkle-Damgård Revisited: How to Construct a Hash Function , 2005, CRYPTO.

[10]  Chao Li,et al.  Improved Collision and Preimage Resistance Bounds on PGV Schemes , 2006, IACR Cryptol. ePrint Arch..

[11]  Philippe Flajolet,et al.  Random Mapping Statistics , 1990, EUROCRYPT.

[12]  Vincent Rijmen,et al.  Second Preimages for Iterated Hash Functions and Their Implications on MACs , 2007, ACISP.

[13]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[14]  G. V. Assche,et al.  Sponge Functions , 2007 .

[15]  Stefan Lucks A Collision-Resistant Rate-1 Double-Block-Length Hash Function , 2007, Symmetric Cryptography.

[16]  Xuejia Lai,et al.  Security of Iterated Hash Functions Based on Block Ciphers , 1994, CRYPTO.

[17]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[18]  S. Griffis EDITOR , 1997, Journal of Navigation.

[19]  Lars R. Knudsen,et al.  The Grindahl Hash Functions , 2007, FSE.

[20]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[21]  Xuejia Lai,et al.  Hash Function Based on Block Ciphers , 1992, EUROCRYPT.

[22]  John Black,et al.  The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function , 2006, FSE.

[23]  John P. Steinberger,et al.  Security/Efficiency Tradeoffs for Permutation-Based Hashing , 2008, EUROCRYPT.

[24]  C. Colbourn,et al.  Handbook of Combinatorial Designs , 2006 .

[25]  Hongjun Wu,et al.  The Hash Function JH , 2009 .

[26]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[27]  Bruce Schneier One-way hash functions , 1991 .

[28]  Ronald L. Rivest The MD 6 hash function A proposal to NIST for SHA-3 , 2008 .

[29]  Ueli Maurer,et al.  Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology , 2004, TCC.

[30]  Nasour Bagheri,et al.  Hash Functions and Information Theoretic Security , 2009, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[31]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[32]  Yevgeniy Dodis,et al.  Salvaging Merkle-Damgard for Practical Applications , 2009, IACR Cryptol. ePrint Arch..