Security/Efficiency Tradeoffs for Permutation-Based Hashing

We provide attacks and analysis that capture a tradeoff, in the ideal-permutation model, between the speed of a permutation-based hash function and its potential security. We show that any 2n-bit to n-bit compression function will have unacceptable collision resistance if it makes fewer than three n-bit permutation invocations, and any 3n-bit to 2n-bit compression function will have unacceptable security if it makes fewer than five n-bit permutation invocations. Any rate-α hash function built from n-bit permutations can be broken, in the sense of finding preimages as well as collisions, in about $N^{1-\alpha}$ queries, where $N = 2^n$. Our results provide guidance, when designing or analyzing a permutation-based hash function, about the limits of what can possibly be done.
