On the Indifferentiability of the Sponge Construction

In this paper we prove that the sponge construction introduced in [4] is indifferentiable from a random oracle when being used with a random transformation or a random permutation and discuss its implications. To our knowledge, this is the first time indifferentiability has been shown for a construction calling a random permutation (instead of an ideal compression function or ideal block cipher) and for a construction generating outputs of any length (instead of a fixed length).

[1] Serge Vaudenay, et al. Advances in Cryptology - EUROCRYPT 2006, 2006, Lecture Notes in Computer Science.

[2] Ran Canetti, et al. The random oracle methodology, revisited, 2000, JACM.

[3] Mihir Bellare, et al. Multi-Property-Preserving Hash Domain Extension and the EMD Transform, 2006, ASIACRYPT.

[4] Bart Preneel, et al. Seven-Property-Preserving Iterated Hashing: ROX, 2007, ASIACRYPT.

[5] John Kelsey, et al. Herding Hash Functions and the Nostradamus Attack, 2006, EUROCRYPT.

[6] Ran Canetti, et al. The random oracle methodology, revisited, 2000, JACM.

[7] Matthew Franklin, et al. Advances in Cryptology – CRYPTO 2004, 2004, Lecture Notes in Computer Science.

[8] Ralph C. Merkle, et al. One Way Hash Functions and DES, 1989, CRYPTO.

[9] Jean-Sébastien Coron, et al. Merkle-Damgård Revisited: How to Construct a Hash Function, 2005, CRYPTO.

[10] Hidenori Kuwakado, et al. Indifferentiability of Single-Block-Length and Rate-1 Compression Functions, 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci.

[11] Bruce Schneier, et al. Second Preimages on n-bit Hash Functions for Much Less than 2^n Work, 2005, IACR Cryptol. ePrint Arch.

[12] Ronald Cramer, et al. Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings, 2005, EUROCRYPT.

[13] A. Maximov, et al. Fast computation of large distributions and its cryptographic applications, 2005.

[14] Antoine Joux, et al. Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions, 2004, CRYPTO.

[15] Moti Yung, et al. Indifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding, 2006, ASIACRYPT.

[16] Michael Wiener, et al. Advances in Cryptology — CRYPTO ’99, 1999.

[17] Bruce Schneier. One-way hash functions, 1991.

[18] Victor Shoup. Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, 2005, CRYPTO.

[19] Kefei Chen, et al. Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings, 2006, ASIACRYPT.

[20] Ivan Damgård, et al. A Design Principle for Hash Functions, 1989, CRYPTO.

[21] Ueli Maurer, et al. Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology, 2004, TCC.

[22] Stefan Lucks, et al. A Failure-Friendly Design Principle for Hash Functions, 2005, ASIACRYPT.

[23] Alfred Menezes, et al. Handbook of Applied Cryptography, 2018.

[24] Kaoru Kurosawa, et al. Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings, 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[25] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.