Secure Block Ciphers Are Not Sufficient for One-Way Hash Functions in the Preneel-Govaerts-Vandewalle Model

Many unkeyed hash functions based on block ciphers have been proposed. In their CRYPTO'93 paper, Preneel, Govaerts and Vandewalle presented a general model of unkeyed hash functions based on block ciphers in which the size of the hashcode is equal to the block size and is almost equal to the key size. This article shows that, for every unkeyed hash function in their model, there exist block ciphers secure against adaptive chosen plaintext attack such that the unkeyed hash function based on them is not one-way. The proof is constructive: it explicitly defines secure block ciphers from which one-way unkeyed hash functions cannot be constructed. Some of the block ciphers presented are secure even against adaptive chosen plaintext/ciphertext attack.