Abstract
In this paper, we study the indifferentiable security of the domain extension algorithm of the PHOTON hash function that was proven to be indifferentiable from a random oracle up to \(\mathcal{O}(2^{\min\{ c/2, c^\prime/2 \}})\) query complexity, where c is the capacity in the absorbing step of PHOTON and c ′ is that in the squeezing step. By reducing the size c ′, one can reduce the processing time spent by PHOTON, while the indifferentiable security is degraded. Note that there is no generic attack on PHOTON with \(\mathcal{O}(2^{c^\prime/2})\) query complexity. Thus it is interesting to investigate the optimality of the indifferentiable security and the size of c ′ ensuring the \(\mathcal{O}(2^{c/2})\) security.
For these motivations, first, we prove that PHOTON is indifferentiable from a random oracle up to \(\mathcal{O}(\min \{ q_{\mathsf{mcoll}} (d^\ast,c-c^\prime ), 2^{c/2} \})\) query complexity where q mcoll (d ∗ ,c − c ′) is the query complexity to find a d ∗ -multi-collision of (c − c ′) bits of hash values and d ∗ satisfies \(q_{\mathsf{mcoll}} (d^\ast,c-c^\prime ) = 2^{c^\prime }/d^\ast\). We also show that there exists a generic attack on PHOTON with the same query complexity. Thus the indifferentiable security of our proof is optimal.
Second, by using this bound we study the parameter c ′ ensuring the \(\mathcal{O}(2^{c/2})\) security. We show that the \(\mathcal{O}(2^{c/2})\) security is ensured if c ′ ≥ c/2 + log2 c, which implies that we can reduce the processing time by PHOTON with keeping the same indifferentiable security.
Finally, we propose a faster construction than PHOTON with keeping the same indifferentiable security, where the length of the first message block is modified from r bits to r + c/2 bits.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andreeva, E., Mennink, B., Preneel, B.: The Parazoa Family: Generalizing the Sponge Hash Functions. Int. J. Inf. Sec. 11 (2012)
Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: A Lightweight Hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak sponge function family, http://keccak.noekeon.org/
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop (2007)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the Sponge Construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)
Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: spongent: A Lightweight Hash Function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011)
Canteaut, A., Fuhr, T., Naya-Plasencia, M., Paillier, P., Reinhard, J.-R., Videau, M.: A Unified Indifferentiability Proof for Permutation- or Block Cipher-Based Hash Functions. IACR Cryptology ePrint Archive, 2012/363
Chang, D., Nandi, M.: Improved Indifferentiability Security Analysis of chopMD Hash Function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 429–443. Springer, Heidelberg (2008)
Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård Revisited: How to Construct a Hash Function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)
Guo, J., Peyrin, T., Poschmann, A.: The photon family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)
Maurer, U.M., Renner, R., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)
Naito, Y., Sasaki, Y., Wang, L., Yasuda, K.: Generic State-Recovery and Forgery Attacks on ChopMD-MAC and on NMAC/HMAC. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 83–98. Springer, Heidelberg (2013)
Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with Composition: Limitations of the Indifferentiability Framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 487–506. Springer, Heidelberg (2011)
Steinberger, J.P.: The Collision Intractability of MDC-2 in the Ideal-Cipher Model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007)
Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29–40. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Naito, Y., Ohta, K. (2014). Improved Indifferentiable Security Analysis of PHOTON . In: Abdalla, M., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2014. Lecture Notes in Computer Science, vol 8642. Springer, Cham. https://doi.org/10.1007/978-3-319-10879-7_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-10879-7_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10878-0
Online ISBN: 978-3-319-10879-7
eBook Packages: Computer ScienceComputer Science (R0)