Provable Security of BLAKE with Non-ideal Compression Function

We analyze the security of the SHA-3 finalist BLAKE. The BLAKE hash function follows the HAIFA design methodology, and as such it achieves optimal preimage, second preimage and collision resistance, and is indifferentiable from a random oracle up to approximately 2 n/2 assuming the underlying compression function is ideal.

[1]  Eli Biham,et al.  A Framework for Iterative Hash Functions - HAIFA , 2007, IACR Cryptol. ePrint Arch..

[2]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[3]  Bruce Schneier,et al.  Second Preimages on n-bit Hash Functions for Much Less than 2n Work , 2005, IACR Cryptol. ePrint Arch..

[4]  Bart Preneel,et al.  Seven-Property-Preserving Iterated Hashing: ROX , 2007, ASIACRYPT.

[5]  Hovav Shacham,et al.  Careful with Composition: Limitations of the Indifferentiability Framework , 2011, EUROCRYPT.

[6]  Mihir Bellare,et al.  Code-Based Game-Playing Proofs and the Security of Triple Encryption , 2004, IACR Cryptol. ePrint Arch..

[7]  Hongjun Wu,et al.  The Hash Function JH , 2009 .

[8]  Pierre-Alain Fouque,et al.  Practical Hash Functions Constructions Resistant to Generic Second Preimage Attacks Beyond the Birthday Bound , 2010 .

[9]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[10]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[11]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[12]  Bart Preneel,et al.  Security Reductions of the Second Round SHA-3 Candidates , 2010, ISC.

[13]  Andrew W. Appel,et al.  Formal aspects of mobile code security , 1999 .

[14]  J. Leasure,et al.  Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3 , 2007 .

[15]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[16]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[17]  Ueli Maurer,et al.  Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology , 2004, TCC.

[18]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[19]  Bruce Schneier One-way hash functions , 1991 .

[20]  Stefan Lucks,et al.  The Skein Hash Function Family , 2009 .

[21]  Florian Mendel,et al.  Symmetric Cryptography , 2009 .