An Analysis of the Blockcipher-Based Hash Functions from PGVReportar como inadecuado

An Analysis of the Blockcipher-Based Hash Functions from PGV - Descarga este documento en PDF. Documentación en PDF para descargar gratis. Disponible también para leer online.

Published in: Journal Of Cryptology (ISSN: 0933-2790), vol. 23, p. 519-545 Springer Verlag, 2010

Preneel, Govaerts, and Vandewalle (1993) considered the 64 most basic ways to construct a hash function H: {0, 1}*->{0, 1}(n) from a blockcipher E: {0, 1}(n) x {0, 1}(n)->{0,1}(n). They regarded 12 of these 64 schemes as secure, though no proofs or formal claims were given. Here we provide a proof-based treatment of the PGV schemes. We show that, in the ideal-cipher model, the 12 schemes considered secure by PGV really are secure: we give tight upper and lower bounds on their collision resistance. Furthermore, by stepping outside of the Merkle-Damgard approach to analysis, we show that an additional 8 of the PGV schemes are just as collision resistant (up to a constant). Nonetheless, we are able to differentiate among the 20 collision-resistant schemes by considering their preimage resistance: only the 12 initial schemes enjoy optimal preimage resistance. Our work demonstrates that proving ideal-cipher-model bounds is a feasible and useful step for understanding the security of blockcipher-based hash-function constructions.

Keywords: Blockcipher ; Collision-resistant hash function ; Cryptographic hash function ; Ideal-cipher model ; Modes of operation ; Ideal-Cipher Model ; Security/Efficiency Tradeoffs ; Collision Resistance ; Merkle-Damgard ; Block Ciphers ; Security ; Impossibility ; Indifferentiability ; Code Reference EPFL-ARTICLE-172411doi:10.1007/s00145-010-9071-0View record in Web of Science

Autor: Black, J.; Rogaway, P.; Shrimpton, T.; Stam, Martijn


Documentos relacionados