Internet Archive Scholar

On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions [chapter]

John Black, Martin Cochran, Thomas Shrimpton
2005 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (201.2 kB)
https://web.archive.org/web/20170829055056/https://www.iacr.org/archive/eurocrypt2005/34940527/34940527.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Fix a small, non-empty set of blockcipher keys K. We say a blockcipher-based hash function is highly-efficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from K. Although a few highly-efficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the ideal-cipher model, that it is impossible to construct a highly-efficient iterated blockcipher-based hash function that is
more » ... y secure. Our result implies, in particular, that the Tweakable Chain Hash (TCH) construction suggested by Liskov, Rivest, and Wagner [7] is not correct under an instantiation suggested for this construction, nor can TCH be correctly instantiated by any other efficient means.
doi:10.1007/11426639_31 fatcat:qgkpqjus75hflgrjqurbxa3w7q
Citation

John Black, Martin Cochran, Thomas Shrimpton. "On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions." Lecture Notes in Computer Science (2005) 526-541