Skip to main content
SpringerLink
Log in

Indifferentiability of Double Length Compression Functions

  • Conference paper
Cryptography and Coding (IMACC 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8308))

Included in the following conference series:

Abstract

Double block length hashing covers the idea of constructing a compression function on 2n bits using an n-bit block cipher. In this work, we present a comprehensive indifferentiability analysis of all relevant double length compression functions. Indifferentiability is a stronger security notion than collision and preimage resistance and ensures that a design has no structural flaws. It is very well suited for composition: using an indifferentiable compression function in a proper mode of operation supplies an indifferentiable hash function. Yet, as we demonstrate compression function indifferentiability is not at all a triviality: almost all double length compression functions, including Tandem-DM and Jetchev et al.’s, appear to be differentiable from a random function in 2 queries. Nevertheless, we also prove that two known functions are indifferentiable: the MDC-4 compression function (up to 2n/4 queries tight) and Mennink’s function (up to 2n/2 queries tight).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Andreeva, E., Neven, G., Preneel, B., Shrimpton, T.: Seven-property-preserving iterated hashing: ROX. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 130–146. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  2. Armknecht, F., Fleischmann, E., Krause, M., Lee, J., Stam, M., Steinberger, J.: The preimage security of double-block-length compression functions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 233–251. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  3. Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  4. Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Fleischmann, E., Gorski, M., Lucks, S.: Security of cyclic double block length hash functions. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 153–175. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Hirose, S.: Provably secure double-block-length hash functions in a black-box model. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 330–342. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Hirose, S.: Some plausible constructions of double-block-length hash functions. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  8. Hirose, S., Park, J.H., Yun, A.: A simple variant of the merkle-damgård scheme with a permutation. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 113–129. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Jetchev, D., Özen, O., Stam, M.: Collisions are not incidental: A compression function exploiting discrete geometry. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 303–320. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  10. Kuwakado, H., Morii, M.: Indifferentiability of single-block-length and rate-1 compression functions. IEICE Transactions 90-A(10), 2301–2308 (2007)

    Article  Google Scholar 

  11. Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  12. Lee, J., Kwon, D.: The security of Abreast-DM in the ideal cipher model. Cryptology ePrint Archive, Report 2009/225 (2009)

    Google Scholar 

  13. Lee, J., Stam, M.: MJH: A faster alternative to MDC-2. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 213–236. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  14. Lee, J., Stam, M., Steinberger, J.: The collision security of tandem-DM in the ideal cipher model. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 561–577. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  15. Lee, J., Stam, M., Steinberger, J.: The preimage security of double-block-length compression functions. Cryptology ePrint Archive, Report 2011/210 (2011)

    Google Scholar 

  16. Lee, J., Steinberger, J.: Multi-property-preserving domain extension using polynomial-based modes of operation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 573–596. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  17. Lucks, S.: A collision-resistant rate-1 double-block-length hash function (Symmetric Cryptography, Dagstuhl Seminar Proceedings 07021) (2007)

    Google Scholar 

  18. Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  19. Maurer, U.M., Tessaro, S.: Domain extension of public random functions: Beyond the birthday barrier. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 187–204. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  20. Mennink, B.: Optimal collision security in double block length hashing with single length key. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 526–543. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  21. Mennink, B.: On the collision and preimage security of MDC-4 in the ideal cipher model. In: Designs, Codes and Cryptography (to appear, 2013)

    Google Scholar 

  22. Meyer, C., Schilling, M.: Secure program load with manipulation detection code. In: Proc. Securicom., pp. 111–130 (1988)

    Google Scholar 

  23. Özen, O.: Design and Analysis of Multi-Block-Length Hash Functions. PhD thesis, École Polytechnique Fédérale de Lausanne, Lausanne (2012)

    Google Scholar 

  24. Özen, O., Stam, M.: Another glance at double-length hashing. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 176–201. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  25. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  26. Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: Limitations of the indifferentiability framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 487–506. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  27. Stam, M.: Beyond uniformity: Better security/Efficiency tradeoffs for compression functions. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 397–412. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  28. Stam, M.: Blockcipher-based hashing revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  29. Steinberger, J.P.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium

    Bart Mennink

Authors
  1. Bart Mennink
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science, University of Bristol, Woodland Road, BS8 1UB, Bristol, UK

    Martijn Stam

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mennink, B. (2013). Indifferentiability of Double Length Compression Functions. In: Stam, M. (eds) Cryptography and Coding. IMACC 2013. Lecture Notes in Computer Science, vol 8308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45239-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-45239-0_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-45238-3

  • Online ISBN: 978-3-642-45239-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation