Results 1 - 5 of 5
How to Build a Hash Function from any Collision-Resistant Function
, 2007
Abstract

Cited by 11 (3 self)
Recent collision-finding attacks against hash functions such as MD5 and SHA-1 motivate the use of provably collision-resistant (CR) functions in their place. Finding a collision in a provably CR function implies the ability to solve some hard problem (e.g., factoring). Unfortunately, existing provably CR functions make poor replacements for hash functions as they fail to deliver behaviors demanded by practical use. In particular, they are easily distinguished from a random oracle. We initiate an investigation into building hash functions from provably CR functions. As a method for achieving this, we present the Mix-Compress-Mix (MCM) construction; it envelopes any provably CR function H (with suitable regularity properties) between two injective “mixing” stages. The MCM construction simultaneously enjoys (1) provable collision-resistance in the standard model, and (2) indifferentiability from a monolithic random oracle when the mixing stages themselves are indifferentiable from a random oracle that observes injectivity. We instantiate our new design approach by specifying a blockcipher-based construction that
Constructing Variable-Length PRPs and SPRPs from
Abstract
We create variable-length pseudorandom permutations (PRPs) and strong PRPs (SPRPs) accepting any input length chosen from the range of b to 2b bits from fixed-length, b-bit PRPs. We utilize the elastic network that underlies the recently introduced concrete design of elastic block ciphers, exploiting it as a network of PRPs. We prove that three and four-round elastic networks are variable-length PRPs and five-round elastic networks are variable-length SPRPs, accepting any input length that is fixed in the range of b to 2b bits, when the round functions are independently chosen fixed-length PRPs on b bits. We also prove that these are the minimum number of rounds required. Key words: (strong) pseudorandom permutations, block ciphers, variable-length PRPs
A Generic Method to Extend Message Space of a Strong Pseudorandom Permutation
Abstract
In this paper we present an efficient and secure generic method which can encrypt messages of size at least n. This generic encryption algorithm needs a secure encryption algorithm for messages of multiple of n. The first generic construction, XLS, has been proposed by Ristenpart and Rogaway in FSE07. It needs two extra invocations of an independently chosen strong pseudorandom permutation or SPRP defined over {0, 1}^n for encryption of an incomplete message block. Whereas our construction needs only one invocation of a weak pseudorandom function and two multiplications over a finite field (equivalently, two invocations of a universal hash function). We prove here that the proposed method preserves (tweakable) SPRP. This new construction is meaningful for two reasons. Firstly, it is based on weak pseudorandom function which is a weaker security notion than SPRP. Thus we are able to achieve stronger security from a weaker one. Secondly, in practice, finite field multiplication is more efficient than an invocation of SPRP. Hence our method can be more efficient than XLS.
On orthogonal generalized equitable rectangles
, 2008
Abstract
In this note, we give a complete solution of the existence of orthogonal generalized equitable rectangles, which was raised as an open problem in [4]. Key words: orthogonal latin squares, orthogonal equitable rectangles
A Synopsis of Format-Preserving Encryption
 UNPUBLISHED MANUSCRIPT
, 2010
Abstract
Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of the same format—for example, encrypting a social-security number into a social-security number. In this survey we describe FPE and review known techniques for achieving it. These include FFX, a recent proposal made to NIST.