Results 1  10
of
11
Lower bounds for multicast message authentication
, 2001
"... Abstract. Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the “multicast MAC”, which is a natural generalization to multiple receivers. We prove that one cannot build a sh ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
Abstract. Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the “multicast MAC”, which is a natural generalization to multiple receivers. We prove that one cannot build a short and efficient collusion resistant multicast MAC without a new advance in digital signature design. 1
Reducing complexity assumptions for statisticallyhiding commitment
 In EUROCRYPT
, 2005
"... We revisit the following question: what are the minimal assumptions needed to construct statisticallyhiding commitment schemes? Naor et al. show how to construct such schemes based on any oneway permutation. We improve upon this by showing a construction based on any approximable preimagesize one ..."
Abstract

Cited by 29 (8 self)
 Add to MetaCart
(Show Context)
We revisit the following question: what are the minimal assumptions needed to construct statisticallyhiding commitment schemes? Naor et al. show how to construct such schemes based on any oneway permutation. We improve upon this by showing a construction based on any approximable preimagesize oneway function. These are oneway functions for which it is possible to efficiently approximate the number of preimages of a given output. A special case is the class of regular oneway functions where all points in the image of the function have the same number of preimages. We also prove two additional results related to statisticallyhiding commitment. First, we prove a (folklore) parallel composition theorem showing, roughly speaking, that the statistical hiding property of any such commitment scheme is amplified exponentially when multiple independent parallel executions of the scheme are carried out. Second, we show a compiler which transforms any commitment scheme which is statistically hiding against an honestbutcurious receiver into one which is statistically hiding even against a malicious receiver. 1
The Classification of Hash Functions
, 1993
"... When we ask what makes a hash function `good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any collisionfree function, we can derive others which are also collisionfree, but cryptographically useless. This e ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
When we ask what makes a hash function `good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any collisionfree function, we can derive others which are also collisionfree, but cryptographically useless. This explains why researchers have not managed to find many interesting consequences of this property. We also prove Okamoto's conjecture that correlation freedom is strictly stronger than collision freedom. We go on to show that there are actually rather many properties which hash functions may need. Hash functions for use with RSA must be multiplication free, in the sense that one cannot find X , Y and Z such that h(X)h(Y ) = h(Z); and more complex requirements hold for other signature schemes. Universal principles can be proposed from which all the freedom properties follow, but like most theoretical principles, they do not seem to give much value to a designer; at the practical level, the main imp...
Structural properties of oneway hash functions
 Advances in cryptology  CRYPTO 90, Lecture Notes in Computer Science
, 1991
"... We study the following two kinds of oneway hash functions: universal oneway hash functions (UOHs) and collision intractable hash functions (CIHs). The main property of the former is that given an initialstring x, it is computationally difficult to find a different string y that collides with x. An ..."
Abstract

Cited by 14 (6 self)
 Add to MetaCart
(Show Context)
We study the following two kinds of oneway hash functions: universal oneway hash functions (UOHs) and collision intractable hash functions (CIHs). The main property of the former is that given an initialstring x, it is computationally difficult to find a different string y that collides with x. And the main property of the latter is that it is computationally difficult to find a pair x � = y of strings such that x collides with y. Our main results are as follows. First we prove that UOHs with respect to initialstrings chosen arbitrarily exist if and only if UOHs with respect to initialstrings chosen uniformly at random exist. Then, as an application of the result, we show that UOHs with respect to initialstrings chosen arbitrarily can be constructed under a weaker assumption, the existence of oneway quasiinjections. Finally, we investigate relationships among various versions of oneway hash functions. We prove that some versions of oneway hash functions are strictly included in others by explicitly constructing hash functions that are oneway in the sense of the former but not in the sense of the latter. 1
Necessary and Sufficient Conditions for CollisionFree Hashing
 Journal of Cryptology
, 1995
"... This paper determines an exact relationship between collisionfree hash functions and other cryptographic primitives. Namely, it introduces a new concept, the pseudopermutation, and shows that the existence of collisionfree hash functions is equivalent to the existence of clawfree pairs of pseudo ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
This paper determines an exact relationship between collisionfree hash functions and other cryptographic primitives. Namely, it introduces a new concept, the pseudopermutation, and shows that the existence of collisionfree hash functions is equivalent to the existence of clawfree pairs of pseudopermutations. We also give a simple construction of collisionfree hash functions from everywheredefined clawfree (pseudo) permutations. 1 Introduction Hash functions with various cryptographic properties have been studied extensively, especially with respect to signing algorithms (see [2, 3, 4, 10, 12, 14, 15]). We focus on the most natural of these functions, the collisionfree hash functions. A function h is a collisionfree hash function if jh(x)j jxj \Gamma 1 and it is infeasible, given h and 1 k , to find a pair (x; y) so that jxj = jyj = k and h(x) = h(y). These functions were first carefully studied by Damgard [2] and have found several applications. In particular, they have b...
Principles for Designing Secure Block Ciphers and OneWay Hash Functions
, 1990
"... This thesis is concerned with issues of designing secure (secretkey) block ciphers and constructing oneway hash functions. Both block ciphers and oneway hash functions are indispensable to secure information systems built on cryptographic techniques. With a block cipher, we can safeguard our impo ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
This thesis is concerned with issues of designing secure (secretkey) block ciphers and constructing oneway hash functions. Both block ciphers and oneway hash functions are indispensable to secure information systems built on cryptographic techniques. With a block cipher, we can safeguard our important information transmitted over insecure communication networks. And with a oneway hash function, we can safely compress very long messages into relatively short ones to improve the overall efficiency of an information system or to detect unauthorized modifications to these messages. The thesis consists of two parts. Part I deals with designing secure block ciphers and Part II with constructing oneway hash functions. The outlines of the two parts are as follows. In Part I, we first prove an impossibility result on constructing pseudorandom permutations from random functions, which is closely related to the design of secure block ciphers. Then we consider the problem of constructing bl...
unknown title
"... Abstract Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the "multicast MAC", which is a natural generalization to multiple receivers. We prove that one ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the &quot;multicast MAC&quot;, which is a natural generalization to multiple receivers. We prove that one cannot build a short and efficient collusion resistant multicast MAC without a new advance in digital signature design. 1 Introduction We study the problem of message integrity in the context of a single source multicast. Consider a TV station, such as the Disney channel. The TV station is broadcasting to n receivers. Each receiver would like to ensure that the broadcasts are indeed coming from the Disney channel rather than from a malicious third party (who might be transmitting offensive material). One natural approach would be to employ digital signatures. Suppose the transmitter has a secret signing key and each of the receivers has the corresponding public key. To provide message integrity the transmitter signs every message she broadcasts. No coalition of receivers can forge a message/signature pair that will fool another receiver. Although signatures provide multicast message integrity they are fundamentally an overkill solution for this problem. First, signatures are somewhat expensive to compute. Second, digital signatures provide nonrepudiation: Any receiver can use the signature to prove to a third party that the message came from the transmitter. However, nonrepudiation is unnecessary for message integrity.
On Constructing Universal OneWay Hash Functions from Arbitrary OneWay Functions
, 2005
"... A fundamental result in cryptography is that a digital signature scheme can be constructed from an arbitrary oneway function. A proof of this somewhat surprising statement follows from two results: first, Naor and Yung defined the notion of universal oneway hash functions and showed that the exis ..."
Abstract
 Add to MetaCart
A fundamental result in cryptography is that a digital signature scheme can be constructed from an arbitrary oneway function. A proof of this somewhat surprising statement follows from two results: first, Naor and Yung defined the notion of universal oneway hash functions and showed that the existence of such hash functions implies the existence of secure digital signature schemes. Subsequently, Rompel showed that universal oneway hash functions could be constructed from arbitrary oneway functions. Unfortunately, despite the importance of the result, a complete proof of the latter claim has never been published. In fact, a careful reading of Rompel's original conference publication reveals a number of errors in many of his arguments which have (seemingly) never been addressed. We provide here what is  as far as we know  the first complete writeup of Rompel's proof that universal oneway hash functions can be constructed from arbitrary oneway functions. # Dept. of Computer Science, University of Maryland.
Crypto Topics and Applications I
"... INTRODUCTION In this chapter we discuss four related areas of cryptology, namely: Authentication, Hashing, Message Authentication Codes (MACs), and Digital Signatures. These topics represent currently active and growing research topics in cryptology. Due to space limitations, we concentrate only on ..."
Abstract
 Add to MetaCart
(Show Context)
INTRODUCTION In this chapter we discuss four related areas of cryptology, namely: Authentication, Hashing, Message Authentication Codes (MACs), and Digital Signatures. These topics represent currently active and growing research topics in cryptology. Due to space limitations, we concentrate only on the essential aspects of each topic. The bibliography is intended to supplement our survey. We have included sufficiently many items to provide the interested reader with an overall view of the current state of knowledge in the above areas. Authentication deals with the problem of providing assurance to a receiver that a communicated message originates from a particular transmitter, and that the received message has the same content as the transmitted message. A typical authentication scenario occurs in computer networks, where the identity of two communicating entities is established by means of authentication. Hashing is concerned with the problem