Results

**11 - 16**of**16**### This is the full version. Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance

, 2009

"... We consider basic notions of security for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance. We give seven different definitions that correspond to these three underlying ideas, and then we work out all of the implications and separations among t ..."

Abstract
- Add to MetaCart

We consider basic notions of security for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance. We give seven different definitions that correspond to these three underlying ideas, and then we work out all of the implications and separations among these seven definitions within the concrete-security, provable-security framework. Because our results are concrete, we can show two types of implications, conventional and provisional, where the strength of the latter depends on the amount of compression achieved by the hash function. We also distinguish two types of separations, conditional and unconditional. When constructing counterexamples for our separations, we are careful to preserve specified hash-function domains and ranges; this rules out some pathological counterexamples and makes the separations more meaningful in practice. Four of our definitions are standard while three appear to be new; some of our relations and separations have appeared, others have not. Here we give a modern treatment that acts to catalog, in one place and with carefully-considered nomenclature, the most basic security notions for cryptographic hash functions. Key words: collision resistance, cryptographic hash functions, preimage resistance, provable

### A New Tree Based Domain Extension of UOWHF

, 2003

"... We present a new binary tree based parallel algorithm for extending the domain of a UOWHF. The key length expansion is m(t + O(log (t))) bits. In particular, the key length expansion is 2m bits for t = 2; m(t + 1) bits for 3 t 6 and m(t + 2) bits for 7 t 134, where m is the length of the m ..."

Abstract
- Add to MetaCart

(Show Context)
We present a new binary tree based parallel algorithm for extending the domain of a UOWHF. The key length expansion is m(t + O(log (t))) bits. In particular, the key length expansion is 2m bits for t = 2; m(t + 1) bits for 3 t 6 and m(t + 2) bits for 7 t 134, where m is the length of the message digest and t 2 is the height of the binary tree. The previously best known binary tree algorithm required a key length expansion of m(t+blog 2 (t 1)c) bits. We also give a sucient condition for valid domain extension in sequental domain extension.

### A Sufficient Condition and an Optimal Domain Extension of UOWHF

, 2004

"... In this paper we will provide a non-trivial sufficient condition for UOWHF-preserving domain extension which will be very easy to verify. Using this result we can prove very easily that all known domain extension algorithms are valid. This will be a nice technique to prove a domain extension is vali ..."

Abstract
- Add to MetaCart

In this paper we will provide a non-trivial sufficient condition for UOWHF-preserving domain extension which will be very easy to verify. Using this result we can prove very easily that all known domain extension algorithms are valid. This will be a nice technique to prove a domain extension is valid. We also propose an optimal (w.r.t. both time complexity and key size) domain extension algorithm based on an incomplete binary tree. In Asiacrypt'03 [6] (also in [5]) author proposed a binary tree based domain extension of UOWHF. We will show that the binary tree based construction [5] is optimal in a subclass of full binary tree based domain extension. A full binary tree based...

### PAPER Special Section on Cryptography and Information Security PGV-Style Block-Cipher-Based Hash Families and Black-Box Analysis

, 2005

"... SUMMARY In [1] it was proved that 20 of 64 PGV hash functions [2] based on block cipher are collision-resistant and one-way in the black-box model of the underlying block cipher. Here, we generalize the definition of PGV-hash function into a hash family and we will prove that, aside from the previou ..."

Abstract
- Add to MetaCart

SUMMARY In [1] it was proved that 20 of 64 PGV hash functions [2] based on block cipher are collision-resistant and one-way in the black-box model of the underlying block cipher. Here, we generalize the definition of PGV-hash function into a hash family and we will prove that, aside from the previously reported 20 hash functions, we have 22 more collision-resistant and one-way hash families. As all these 42 families are keyed hash family, these are also target-collision-resistant. All these 42 hash families have tight upper and lower bounds on (target) collision-resistant and one-wayness. key words: hash function, block cipher, black-box model, provable security 1.