Decisional second-preimage resistance: When does SPR imply PRE?

There is a well-known gap between second-preimage resistance and preimage resistance for length-preserving hash functions. This paper introduces a simple concept that fills this gap. One consequence of this concept is that tight reductions can remove interactivity for multi-target length-preserving preimage problems, such as the problems that appear in analyzing hash-based signature systems. Previous reduction techniques applied to only a negligible fraction of all length-preserving hash functions, presumably excluding all off-the-shelf hash functions.
