Results 1 
3 of
3
On the impossibility of highlyefficient blockcipherbased hash functions
 in Advances in Cryptology—EUROCRYPT 2005
, 2005
"... Abstract. Fix a small, nonempty set of blockcipher keys K. We say a blockcipherbased hash function is highlyefficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from K. Although a few highlyefficient constructions have been propose ..."
Abstract

Cited by 28 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Fix a small, nonempty set of blockcipher keys K. We say a blockcipherbased hash function is highlyefficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from K. Although a few highlyefficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the idealcipher model, that it is impossible to construct a highlyefficient iterated blockcipherbased hash function that is provably secure. Our result implies, in particular, that the Tweakable Chain Hash (TCH) construction suggested by Liskov, Rivest, and Wagner [7] is not correct under an instantiation suggested for this construction, nor can TCH be correctly instantiated by any other efficient means.
On the Impossibility of Highly Efficient BlockcipherBased Hash Functions
, 2004
"... We say a blockcipherbased hash function is highly efficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a single underlying key. Although a few highly efficient constructions have been proposed, no one has been able to prove their security. ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
We say a blockcipherbased hash function is highly efficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a single underlying key. Although a few highly efficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the blackbox model, that it is impossible to construct a highly efficient blockcipherbased hash function which is provably secure. Our result implies, in particular, that the Tweakable Chain Hash (TCH) construction suggested by Liskov, Rivest, and Wagner [3] is not correct under an instantiation suggested for this construction, nor can TCH be correctly instantiated by any other efficient means.