Non-trivial Black-Box Combiners for Collision-Resistant Hash-Functions Don't Exist

A (k,?)-robust combiner for collision-resistant hash-functions is a construction which from ? hash-functions constructs a hash-function which is collision-resistant if at least kof the components are collision-resistant. One trivially gets a (k,?)-robust combiner by concatenating the output of any ?? k+ 1 of the components, unfortunately this is not very practical as the length of the output of the combiner is quite large. We show that this is unavoidable as no black-box (k,?)-robust combiner whose output is significantly shorter than what can be achieved by concatenation exists. This answers a question of Boneh and Boyen (Crypto'06).

[1]  Ron Steinfeld,et al.  VSH, an Efficient and Provable Collision Resistant Hash Function , 2006, IACR Cryptol. ePrint Arch..

[2]  Ueli Maurer,et al.  Cascade ciphers: The importance of being first , 1993, Journal of Cryptology.

[3]  Jonathan Katz,et al.  Chosen-Ciphertext Security of Multiple Encryption , 2005, TCC.

[4]  Phillip Rogaway,et al.  Formalizing Human Ignorance , 2006, VIETCRYPT.

[5]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[6]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[7]  Daniel R. Simon,et al.  Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? , 1998, EUROCRYPT.

[8]  Antoine Joux,et al.  Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions , 2004, CRYPTO.

[9]  Jonathan Katz,et al.  On Constructing Universal One-Way Hash Functions from Arbitrary One-Way Functions , 2005, IACR Cryptol. ePrint Arch..

[10]  G. Blakley,et al.  An efficient algorithm for constructing a cryptosystem which is harder to break than two other cryptosystems , 1981 .

[11]  Jean-Sébastien Coron,et al.  Merkle-Damgård Revisited: How to Construct a Hash Function , 2005, CRYPTO.

[12]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[13]  Jürg Wullschleger,et al.  Robuster Combiners for Oblivious Transfer , 2007, TCC.

[14]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[15]  Phillip Rogaway,et al.  Formalizing Human Ignorance: Collision-Resistant Hashing without the Keys , 2006, IACR Cryptol. ePrint Arch..

[16]  Amir Herzberg,et al.  On Tolerant Cryptographic Constructions , 2005, CT-RSA.

[17]  Oded Goldreich,et al.  On the power of cascade ciphers , 1985, TOCS.

[18]  Moni Naor,et al.  On Robust Combiners for Oblivious Transfer and Other Primitives , 2005, EUROCRYPT.

[19]  Bartosz Przydatek,et al.  On Robust Combiners for Private Information Retrieval and Other Primitives , 2006, CRYPTO.

[20]  Dan Boneh,et al.  On the Impossibility of Efficiently Combining Collision Resistant Hash Functions , 2006, CRYPTO.