Abstract. We revisit the enhanced target collision resistance (eTCR) property as a newly emerged notion of security for dedicated-key hash functions, which has been put forth by Halevi and Krawczyk at CRYPTO’06, in conjunction with the Randomized Hashing mode to achieve this property. Our contribution is twofold. Firstly, we provide a full picture of the relationships between eTCR and each of the seven security properties for a dedicatedkey hash function, considered by Rogaway and Shrimpton at FSE’04; namely, collision resistance (CR), the three variants of second-preimage resistance (Sec, aSec, eSec) and the three variants of preimage resistance (Pre, aPre, ePre). The results show that, for an arbitrary dedicated-key hash function, eTCR is not implied by any of these seven properties, and it can only imply three of the properties; namely, eSec (TCR), Sec, Pre. In the second part of the paper, we analyze the eTCR preservation capabilities of several domain extension transforms (a.k.a. modes of operation) for hash functions, including (Plain, Strengthened, and Prefix-free) Merkle-Damg˚ard, Randomized Hashing, Shoup, Enveloped Shoup, XOR Linear Hash (XLH), and Linear Hash (LH). From this analysis it turns out that, with the exception of a nested variant of LH, none of the investigated transforms can preserve the eTCR property.

Abstract. Two of the most recent and powerful multi-property-preserving (MPP) hash domain extension transforms are the Ramdom-Oracle-XOR (ROX) transform and the Enveloped Shoup (ESh) transform. The former was proposed by Andreeva et al. at ASIACRYPT 2007 and the latter was proposed by Bellare and Ristenpart at ICALP 2007. In the existing literature, ten notions of security for hash functions have been considered in analysis of MPP capabilities of domain extension transforms, namely CR, Sec, aSec, eSec (TCR), Pre, aPre, ePre, MAC, PRF, PRO. Andreeva et al. showed that ROX is able to preserve seven properties; namely collision resistance (CR), three flavors of second preimage resistance (Sec, aSec, eSec) and three variants of preimage resistance (Pre, aPre, ePre). Bellare and Ristenpart showed that ESh is capable of preserving five important security notions; namely CR, message authentication code (MAC), pseudorandom function (PRF), pseudorandom oracle (PRO), and target collision resistance (TCR). Nonetheless, there is no further study on these two MPP hash domain extension transforms with regard to the other properties. The aim of this paper is to fill this gap. Firstly, we show that ROX does not preserve two other widely-used and important security notions, namely MAC and PRO. We also show a positive result about ROX, namely that it also preserves PRF. Secondly, we show that ESh does not preserve other four properties, namely Sec, aSec, Pre, and aPre. On the positive side we show that ESh can preserve ePre property. Our results in this paper provide a full picture of the MPP capabilities of both ROX and ESh transforms by completing the property-preservation analysis of these transforms in regard to all ten security