Results 11  20
of
72
On the power of memory in the design of collision resistant hash functions
 Advances in Cryptology, Proc. Auscrypt'92, LNCS 718
, 1993
"... Abstract. Collision resistant hash functions are an important basic tool for cryptographic applications such as digital signature schemes and integrity protection based on “fingerprinting”. This paper proposes a new efficient class of hash functions based on a block cipher that allows for a tradeoff ..."
Abstract

Cited by 10 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Collision resistant hash functions are an important basic tool for cryptographic applications such as digital signature schemes and integrity protection based on “fingerprinting”. This paper proposes a new efficient class of hash functions based on a block cipher that allows for a tradeoff between security and speed. The principles behind the scheme can be used to optimize similar proposals. 1
Hash functions and RFID tags: Mind the gap
 of Lecture Notes in Computer Science
, 2008
"... Abstract. The security challenges posed by RFIDtag deployments are wellknown. In response there is a rich literature on new cryptographic protocols and an ontag hash function is often assumed by protocol designers. Yet cheap tags pose severe implementation challenges and it is far from clear that ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
Abstract. The security challenges posed by RFIDtag deployments are wellknown. In response there is a rich literature on new cryptographic protocols and an ontag hash function is often assumed by protocol designers. Yet cheap tags pose severe implementation challenges and it is far from clear that a suitable hash function even exists. In this paper we consider the options available, including constructions based around compact block ciphers. While we describe the most compact hash functions available today, our work serves to highlight the difficulties in designing lightweight hash functions and (echoing [17]) we urge caution when routinely appealing to a hash function in an RFIDtag protocol. 1
SAFER K64: One Year Later
, 1995
"... this paper where we refer to the resultant cipher as SAFER K#128. Hereafter, we will say simply `SAFER' when our remarks apply to both SAFER K#64 and SAFER K#128. ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
this paper where we refer to the resultant cipher as SAFER K#128. Hereafter, we will say simply `SAFER' when our remarks apply to both SAFER K#64 and SAFER K#128.
The security of abreastdm in the ideal cipher model
"... Abstract. In this paper, we give a security proof for AbreastDM in terms of collision resistance and preimage resistance. As old as TandemDM, the compression function AbreastDM is one of the most wellknown constructions for double block length compression functions. The bounds on the number of q ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we give a security proof for AbreastDM in terms of collision resistance and preimage resistance. As old as TandemDM, the compression function AbreastDM is one of the most wellknown constructions for double block length compression functions. The bounds on the number of queries for collision resistance and preimage resistance are given by O (2 n). Based on a novel technique using queryresponse cycles, our security proof is simpler than those for MDC2 and TandemDM. We also present a wide class of AbreastDM variants that enjoy a birthdaytype security guarantee with a simple proof. 1
On the Security of TandemDM
"... Abstract. We provide the first proof of security for TandemDM, one of the oldest and most wellknown constructions for turning a blockcipher with nbit blocklength and 2nbit keylength into a 2nbit cryptographic hash function. We prove, that when TandemDM is instantiated with AES256, i.e. blockle ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We provide the first proof of security for TandemDM, one of the oldest and most wellknown constructions for turning a blockcipher with nbit blocklength and 2nbit keylength into a 2nbit cryptographic hash function. We prove, that when TandemDM is instantiated with AES256, i.e. blocklength 128 bits and keylength 256 bits, any adversary that asks less than 2 120.4 queries cannot find a collision with success probability greater than 1/2. We also prove a bound for preimage resistance of TandemDM. Interestingly, as there is only one practical construction known (FSE’06, Hirose) turning such an (n,2n)bit blockcipher into a 2nbit compression function that has provably birthdaytype collision resistance, TandemDM is one out of two structures that possess this desirable feature.
MJH: A Faster Alternative to MDC2
 CTRSA 2011, LNCS 6558
, 2011
"... Abstract. In this paper, we introduce a new class of doubleblocklength hash functions. Using the ideal cipher model, we prove that these hash functions, dubbed MJH, are asymptotically collision resistant up to O(2n(1−)) query complexity for any > 0 in the iteration, where n is the block size of ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we introduce a new class of doubleblocklength hash functions. Using the ideal cipher model, we prove that these hash functions, dubbed MJH, are asymptotically collision resistant up to O(2n(1−)) query complexity for any > 0 in the iteration, where n is the block size of the underlying blockcipher. When based on nbit key blockciphers, our construction, being of rate 1/2, provides better provable security than MDC2, the only known construction of a rate1/2 doublelength hash function based on an nbit key blockcipher with nontrivial provable security. Moreover, since key scheduling is performed only once per message block for MJH, our proposal significantly outperforms MDC2 in efficiency. When based on a 2nbit key blockcipher, we can use the extra n bits of key to increase the amount of payload accordingly. Thus we get a rate1 hash function that is much faster than existing proposals, such as TandemDM with comparable provable security. This is the full version of [19]. 1
New Attacks on all Double Block Length Hash Functions of Hash Rate 1, including the ParallelDM
, 1995
"... . In this paper attacks on double block length hash functions using a block cipher are considered. We present attacks on all double block length hash functions of hash rate 1, that is, hash functions where in each round the block cipher is used twice, s.t. one encryption is needed per message block. ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
. In this paper attacks on double block length hash functions using a block cipher are considered. We present attacks on all double block length hash functions of hash rate 1, that is, hash functions where in each round the block cipher is used twice, s.t. one encryption is needed per message block. In particular, our attacks break the ParallelDM presented at Crypto'93[3]. 1 Introduction A hash function is an easily implementable mapping from the set of all binary sequences to the set of binary sequences of some fixed length. An iterated hash function is a hash function Hash(\Delta) determined by an easily computable function h(\Delta; \Delta) from two binary sequences of respective lengths m and l to a binary sequence of length m in the manner that the message M = (M1 ; M2 ; :::; Mn ), where M i is of length l, is hashed to the hash value H = Hn of length m by computing recursively H i = h(H i\Gamma1 ; M i ) i = 1; 2; :::; n; (1) where H0 is a specified initial value. The function...
Cryptographic Hash Functions
 In Handbook of Information and Communication Security. Peter Stavroulakis, Mark Stamp, Editors. Springer First edition
"... Abstract. 1 This paper presents a new hash function design, which is different from the popular designs of the MD4family. Seen in the light of recent attacks on MD4, MD5, SHA0, SHA1, and on RIPEMD, there is a need to consider other hash function design strategies. The paper presents also a concre ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
(Show Context)
Abstract. 1 This paper presents a new hash function design, which is different from the popular designs of the MD4family. Seen in the light of recent attacks on MD4, MD5, SHA0, SHA1, and on RIPEMD, there is a need to consider other hash function design strategies. The paper presents also a concrete hash function design named SMASH. One version has a hash code of 256 bits and appears to be at least as fast as SHA256. 1
The collision security of TandemDM in the ideal cipher model
"... Abstract. We prove that TandemDM, one of the two “classical ” schemes for turning a blockcipher of 2nbit key into a double block length hash function, has birthdaytype collision resistance in the ideal cipher model. A collision resistance analysis for TandemDM achieving a similar birthdaytype b ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We prove that TandemDM, one of the two “classical ” schemes for turning a blockcipher of 2nbit key into a double block length hash function, has birthdaytype collision resistance in the ideal cipher model. A collision resistance analysis for TandemDM achieving a similar birthdaytype bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009 [3]. As we detail, however, the latter analysis is wrong, thus leaving the collision resistance of TandemDM as an open problem until now. 1
A Synthetic Indifferentiability Analysis of Some BlockCipherBased Hash Functions
, 2007
"... At ASIACRYPT’06, Chang et al. analyzed the indifferentiability of some popular hash functions based on block ciphers, namely, the twenty collision resistant PGV, the MDC2 and the PBGV hash functions, etc. In particular, two indifferentiable attacks were presented on the four of the twenty collision ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
At ASIACRYPT’06, Chang et al. analyzed the indifferentiability of some popular hash functions based on block ciphers, namely, the twenty collision resistant PGV, the MDC2 and the PBGV hash functions, etc. In particular, two indifferentiable attacks were presented on the four of the twenty collision resistant PGV and the PBGV hash functions with the prefixfree padding. In this article, a synthetic indifferentiability analysis of some blockcipherbased hash functions is considered. First, a more precise definition is proposed on the indifferentiability adversary in blockcipherbased hash functions. Next, the advantage of indifferentiability is extended by considering whether the hash function is keyed or not. Finally, a limitation is observed in Chang et al.’s indifferentiable attacks on the four PGV and the PBGV hash functions. The formal proofs show the fact that those hash functions are indifferentiable from a random oracle in the ideal cipher model with the prefixfree padding, the NMAC/HMAC and the chop construction.