Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV.

Our work demonstrates that proving ideal-cipher-model bounds is a feasible and useful step for understanding the security of blockcipher-based hash-function constructions. ... Preneel, Govaerts, and Vandewalle (1993) considered the 64 most basic ways to construct a hash function H : {0, 1} * → {0, 1} n from a blockcipher E: {0, 1} n ×{0, 1} n → {0, 1} n . ... For the journal revision, Phil received additional support from NSF award CNS-0904380 and Tom from CNS-0627752 and An Analysis of the Blockcipher-Based Hash Functions from PGV 543 NSF CAREER award CNS- ...

doi:10.1007/3-540-45708-9_21 fatcat:cup4mcjl5ndqhfvp377prxf2zq

At ASIACRYPT 2006, Chang et al. analyzed the indifferentiability of some popular hash functions based on block ciphers, namely, the twenty collision resistant PGV, the MDC2 and the PBGV hash functions, ... First, a more precise definition is proposed on the indifferentiability adversary in block-cipher-based hash functions. ... Acknowledgments.We would like to thank the anonymous reviewers for helpful comments that improved the presentation of this paper. ...

doi:10.1007/s10623-008-9208-4 fatcat:yct5ywai2jdt5mnahzvvpfrvxm

We also relate the ideal ciphers in the PGV constructions with those in double-block-length hash functions such as Tandem-DM, Abreast-DM, and Hirose-DM. ... sizes of the hash functions in the schemes. ... Acknowledgments The work described in this paper has been supported in part by the European ...

doi:10.1007/978-3-642-38348-9_26 fatcat:w4cy6w54mnhvncercylaxlyyxy

This article discusses the provable security of blockcipher-based hash functions. It introduces a new model called a weak ideal cipher model. ... It is shown that collision resistant hash functions can be constructed even in this weak model. ... It is mainly because the collision resistance of a hash function cannot be implied by the pseudorandomness of the underlying block cipher as a black-box [9] . ...

doi:10.1587/transfun.e95.a.252 fatcat:c22mqie2pzhu5gfa6d5o6wxvpi

In [1] it was proved that 20 out of 64 PGV-hash functions [2] based on block cipher are collision resistant and one-way-secure in blackbox model of the underlying block cipher. ... Here, we generalize the definition of PGV-hash function into a hash family and prove that besides the previous 20 hash functions we have 22 more collision resistant and one-way secure hash families. ... Conclusion In this paper we first generalized the definition of PGV-hash functions into a PGV-hash families. ...

doi:10.1007/978-3-540-27800-9_19 fatcat:sdbn3by2nrec7im7m33ggryqrq

In this work, we revisit the security analysis of AES-128 instantiated hash modes. We use biclique cryptanalysis technique as our basis for the attack. ... The second preimage attack complexities differ based on the PGV construction chosenthe lowest being 2 126.3 and the highest being 2 126.67 complexity. ... proposed 64 basic ways to construct a n-bit compression function from a n-bit block cipher (under a n-bit key). Black et al. ...

doi:10.1007/978-3-319-38898-4_1 fatcat:jfjoalmktrbi5knmwr2yxvbjoa

Shrimpton, "Black-box analysis of the block-cipher-based hash-function constructions from PGV," in CRYPTO 2002, Lecture Notes in Computer Science, M. ... Vandewalle, "Hash functions based on block ciphers: A synthetic approach," in CRYPTO 1993, Lecture Notes in Computer Science, D. R. Stinson ed., vol. 773, pp. 368-378, Springer-Verlag, 1993. 4 R. C. ...

doi:10.1587/essfr.4.57 fatcat:g4xffnowljdnhp552jvvzj2h7i

In this paper we attack a 2n-bit double length hash function proposed by Lee et al. This proposal is a blockcipher-based hash function with hash rate 2/3. ... However, we find a collision attack with complexity of Ω(2 3n/4 ) and a preimage attack with complexity of Ω(2 n ). Our result shows this construction is much worse than an ideal 2n-bit hash function. ... The ideal cipher model, also called the black box model, is a formal model for the security analysis of blockcipher-based hash functions. ...

doi:10.1007/s12095-014-0117-2 fatcat:zjwse6cfgzhi7j723y6sqs6d6m

However, the latter MACs offer relatively low efficiency. In this paper, we investigate the feasibility of constructing rate-1 MACs from related-key unpredictable block ciphers. ... Almost all current block-cipher-based MACs reduce their security to the pseudorandomness of their underlying block ciphers, except for a few of them to the unpredictability, a strictly weaker security ... The authors would like to thank the anonymous referees for their valuable comments. Special thanks to Kan Yasuda for his help to revise this paper. ...

doi:10.1007/978-3-642-13858-4_14 fatcat:3xeqkg4laza3nniqcnzu4jw2zi

Our work demonstrates that proving ideal-cipher-model bounds is a feasible and useful step for understanding the security of blockcipher-based hash-function constructions. ... Preneel, Govaerts, and Vandewalle (1993) considered the 64 most basic ways to construct a hash function H : {0, 1} * → {0, 1} n from a blockcipher E: {0, 1} n ×{0, 1} n → {0, 1} n . ... For the journal revision, Phil received additional support from NSF award CNS-0904380 and Tom from CNS-0627752 and An Analysis of the Blockcipher-Based Hash Functions from PGV 543 NSF CAREER award CNS- ...

doi:10.1007/s00145-010-9071-0 fatcat:mnuhcz7qznet3bnz7gx4afwfdm

Most of existing hash functions are designed to evaluate a compression function with a finite domain in a mode of operation, and the compression function itself is often designed from block ciphers or ... We present a survey on the state of the art in hash function security and modular design analysis. ... This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). Elena Andreeva and Bart Mennink are Postdoctoral Fellows of the Research Foundation -Flanders (FWO). ...

doi:10.1007/s10623-015-0096-0 fatcat:alir2p5gybgvrbup5jfvjf45te

In particular, we observe that there are sixteen PGV hash functions (with prefix-free padding) which are indifferentiable from random oracle model in the ideal cipher model. ... also some double block length (DBL) constructions) in the random oracle model and in the ideal cipher model. ... Coron et al. stated the indifferentiability of prefix free MD construction in random oracle (or in ideal cipher model in the case of block-cipher based construction). ...

doi:10.1007/11935230_19 fatcat:e7iykhabxbg23cbhm6gic2fzfi

This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function using a block cipher. ... It is also confirmed that the MMO compression function is the best choice with MDP among the block-cipher-based compression functions in the Preneel-Govaerts-Vandewalle model in terms of the provable security ... This research was supported by the National Institute of Information and Communications Technology, Japan. ...

doi:10.1587/transfun.e92.a.2447 fatcat:dazzpeuiobbfhjfhy7mj5klpyu

Hash functions are widely used in authentication. In this paper, the security of Lin et al.'s efficient block-cipher-based hash function is reviewed. By using Joux's multicollisions and Kelsey et al.' ... s hash construction. ... Black-box model is a well-known security model for the analysis of block-cipher-based hash functions. ...

doi:10.1109/itapp.2010.5566639 fatcat:exefncyj65htrjmguchm6kqff4

We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks, and (2) arguments ... An important criterion in the selection process is the SHA-3 hash function security. ... [71] analyzed and categorized 64 block cipher based compression functions. Twelve of them were formally proven secure by Black et al. [25] . ...

doi:10.1007/s10207-012-0156-7 fatcat:s2dmf5danrewpptmrpj7qvbuui

Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV [chapter]

Preserved Fulltext

A synthetic indifferentiability analysis of some block-cipher-based hash functions

Preserved Fulltext

Ideal-Cipher (Ir)reducibility for Blockcipher-Based Hash Functions [chapter]

Preserved Fulltext

Collision Resistance of Hash Functions in a Weak Ideal Cipher Model

Preserved Fulltext

A Generalization of PGV-Hash Functions and Security Analysis in Black-Box Model [chapter]

Preserved Fulltext

Biclique Cryptanalysis of Full Round AES-128 Based Hashing Modes [chapter]

Preserved Fulltext

Cryptographic Hash Functions: 暗号学的ハッシュ関数

Preserved Fulltext

Attacks on a double length blockcipher-based hash proposal

Preserved Fulltext

Constructing Rate-1 MACs from Related-Key Unpredictable Block Ciphers: PGV Model Revisited [chapter]

Preserved Fulltext

An Analysis of the Blockcipher-Based Hash Functions from PGV

Preserved Fulltext

Open problems in hash function security

Preserved Fulltext

Indifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding [chapter]

Preserved Fulltext

Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function

Preserved Fulltext

Cryptanalysis of Lin et al.'s Efficient Block-Cipher-Based Hash Function

Preserved Fulltext

On security arguments of the second round SHA-3 candidates

Preserved Fulltext

Cryptographic Hash Functions:
暗号学的ハッシュ関数