Results 1 
6 of
6
Lower bounds for multicast message authentication
, 2001
"... Abstract. Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the “multicast MAC”, which is a natural generalization to multiple receivers. We prove that one cannot build a sh ..."
Abstract

Cited by 39 (0 self)
 Add to MetaCart
Abstract. Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the “multicast MAC”, which is a natural generalization to multiple receivers. We prove that one cannot build a short and efficient collusion resistant multicast MAC without a new advance in digital signature design. 1
The Classification of Hash Functions
, 1993
"... When we ask what makes a hash function `good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any collisionfree function, we can derive others which are also collisionfree, but cryptographically useless. This explai ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
When we ask what makes a hash function `good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any collisionfree function, we can derive others which are also collisionfree, but cryptographically useless. This explains why researchers have not managed to find many interesting consequences of this property. We also prove Okamoto's conjecture that correlation freedom is strictly stronger than collision freedom. We go on to show that there are actually rather many properties which hash functions may need. Hash functions for use with RSA must be multiplication free, in the sense that one cannot find X , Y and Z such that h(X)h(Y ) = h(Z); and more complex requirements hold for other signature schemes. Universal principles can be proposed from which all the freedom properties follow, but like most theoretical principles, they do not seem to give much value to a designer; at the practical level, the main imp...
Reducing complexity assumptions for statisticallyhiding commitment
 In EUROCRYPT
, 2005
"... We revisit the following question: what are the minimal assumptions needed to construct statisticallyhiding commitment schemes? Naor et al. show how to construct such schemes based on any oneway permutation. We improve upon this by showing a construction based on any approximable preimagesize one ..."
Abstract

Cited by 24 (8 self)
 Add to MetaCart
We revisit the following question: what are the minimal assumptions needed to construct statisticallyhiding commitment schemes? Naor et al. show how to construct such schemes based on any oneway permutation. We improve upon this by showing a construction based on any approximable preimagesize oneway function. These are oneway functions for which it is possible to efficiently approximate the number of preimages of a given output. A special case is the class of regular oneway functions where all points in the image of the function have the same number of preimages. We also prove two additional results related to statisticallyhiding commitment. First, we prove a (folklore) parallel composition theorem showing, roughly speaking, that the statistical hiding property of any such commitment scheme is amplified exponentially when multiple independent parallel executions of the scheme are carried out. Second, we show a compiler which transforms any commitment scheme which is statistically hiding against an honestbutcurious receiver into one which is statistically hiding even against a malicious receiver. 1
Structural properties of oneway hash functions
 Advances in cryptology  CRYPTO 90, Lecture Notes in Computer Science
, 1991
"... We study the following two kinds of oneway hash functions: universal oneway hash functions (UOHs) and collision intractable hash functions (CIHs). The main property of the former is that given an initialstring x, it is computationally difficult to find a different string y that collides with x. An ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
We study the following two kinds of oneway hash functions: universal oneway hash functions (UOHs) and collision intractable hash functions (CIHs). The main property of the former is that given an initialstring x, it is computationally difficult to find a different string y that collides with x. And the main property of the latter is that it is computationally difficult to find a pair x � = y of strings such that x collides with y. Our main results are as follows. First we prove that UOHs with respect to initialstrings chosen arbitrarily exist if and only if UOHs with respect to initialstrings chosen uniformly at random exist. Then, as an application of the result, we show that UOHs with respect to initialstrings chosen arbitrarily can be constructed under a weaker assumption, the existence of oneway quasiinjections. Finally, we investigate relationships among various versions of oneway hash functions. We prove that some versions of oneway hash functions are strictly included in others by explicitly constructing hash functions that are oneway in the sense of the former but not in the sense of the latter. 1
Necessary and Sufficient Conditions for CollisionFree Hashing
 Journal of Cryptology
, 1995
"... This paper determines an exact relationship between collisionfree hash functions and other cryptographic primitives. Namely, it introduces a new concept, the pseudopermutation, and shows that the existence of collisionfree hash functions is equivalent to the existence of clawfree pairs of pseudo ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
This paper determines an exact relationship between collisionfree hash functions and other cryptographic primitives. Namely, it introduces a new concept, the pseudopermutation, and shows that the existence of collisionfree hash functions is equivalent to the existence of clawfree pairs of pseudopermutations. We also give a simple construction of collisionfree hash functions from everywheredefined clawfree (pseudo) permutations. 1 Introduction Hash functions with various cryptographic properties have been studied extensively, especially with respect to signing algorithms (see [2, 3, 4, 10, 12, 14, 15]). We focus on the most natural of these functions, the collisionfree hash functions. A function h is a collisionfree hash function if jh(x)j jxj \Gamma 1 and it is infeasible, given h and 1 k , to find a pair (x; y) so that jxj = jyj = k and h(x) = h(y). These functions were first carefully studied by Damgard [2] and have found several applications. In particular, they have b...
On Constructing Universal OneWay Hash Functions from Arbitrary OneWay Functions
, 2005
"... A fundamental result in cryptography is that a digital signature scheme can be constructed from an arbitrary oneway function. A proof of this somewhat surprising statement follows from two results: first, Naor and Yung defined the notion of universal oneway hash functions and showed that the exis ..."
Abstract
 Add to MetaCart
A fundamental result in cryptography is that a digital signature scheme can be constructed from an arbitrary oneway function. A proof of this somewhat surprising statement follows from two results: first, Naor and Yung defined the notion of universal oneway hash functions and showed that the existence of such hash functions implies the existence of secure digital signature schemes. Subsequently, Rompel showed that universal oneway hash functions could be constructed from arbitrary oneway functions. Unfortunately, despite the importance of the result, a complete proof of the latter claim has never been published. In fact, a careful reading of Rompel's original conference publication reveals a number of errors in many of his arguments which have (seemingly) never been addressed. We provide here what is  as far as we know  the first complete writeup of Rompel's proof that universal oneway hash functions can be constructed from arbitrary oneway functions. # Dept. of Computer Science, University of Maryland.