## Higher Order Universal One-Way Hash Functions (2004)

Venue: Asiacrypt'04, LNCS 3329

Citations: 2 - 0 self

### BibTeX

```bibtex
@INPROCEEDINGS{Hong04higherorder,
    author = {Deukjo Hong and Bart Preneel and Sangjin Lee},
    title = {Higher Order Universal One-Way Hash Functions},
    booktitle = {Asiacrypt'04, LNCS 3329},
    year = {2004},
    pages = {201--213},
    publisher = {Springer-Verlag}
}
```

### Abstract

Universal One-Way Hash Functions (UOWHFs) are families of cryptographic hash functions for which first a target input is chosen and subsequently a key which selects a member from the family. Their main security property is that it should be hard to find a second input that collides with the target input. This paper generalizes the concept of UOWHFs to UOWHFs of order r. We demonstrate that it is possible to build UOWHFs with much shorter keys than existing constructions from fixed-size UOWHFs of order r. UOWHFs of order r can be used both in the linear (r + 1)-round Merkle-Damgård construction and in a tree construction.

### Citations

312 | Universal one-way hash functions and their cryptographic applications. STOC
- Naor, Yung
- 1989

Citation Context: ...tant Hash Function (CRHF), Universal One-Way Hash Function (UOWHF), Higher Order Universal One-Way Hash Function 1 Introduction Since the introduction of the notion of UOWHFs by Naor and Yung in 1989 [5], it is widely believed that UOWHFs form an attractive alternative to CRHFs (Collision Resistant Hash Functions). The main requirement for a UOWHF is that it is hard to find a second preimage. First a...

175 | One way hash functions and DES
- Merkle
- 1990

Citation Context: ...ut strings of arbitrary length is to start from a compression function that compresses input strings of fixed length. For CRHFs, the Merkle-Damgård construction is a widely used and efficient method [2, 3]. Both authors showed independently that it is sufficient for the hash function to be collision resistant that the compression function is. Damgård also proposed a tree construction. Naor and Yung sh...

97 | Collision-Resistant Hashing: Towards Making UOWHFs Practical
- Bellare, Rogaway
- 1997

Citation Context: ...ation of this function may not be a UOWHF. Subsequently, provably secure constructions have been developed based on compression functions at the cost of an increase in key length. Bellare and Rogaway [1] propose two types of constructions. – The first type has a linear structure; two variants of the Merkle-Damgård construction were shown to be secure: the basic linear hash and the XOR linear hash. L...

75 | Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance
- Rogaway, Shrimpton
- 2004

Citation Context: ...del of computation, when $K \in \Sigma^k$ and $x \in \Sigma^m$. 2.2 Definitions of CRHF and UOWHF Recently, Rogaway and Shrimpton suggested seven simple and nice definitions of hash functions including CRHF and UOWHF [6], but we prefer to use some games to define our objects and to describe our work. Definition 1 (CRHF). A hash function family $H : \Sigma^k \times \Sigma^m \to \Sigma^c$, $m \ge c$, is $(t, \varepsilon)$-CRHF if no adversary A wins in the ...

72 | Finding collisions on a one-way street: Can secure hash functions be based on general assumptions
- Simon
- 1998

Citation Context: ...key is selected and subsequently two colliding inputs need to be found; due to the birthday paradox, a black box approach for a CRHF with an n-bit result takes on average about $2^{n/2}$ queries. Simon [10] has demonstrated that a UOWHF is a strictly weaker concept than a CRHF. UOWHFs can replace CRHFs in many applications; even for digital ⋆ Supported by Korea University Grant in 2003 year. ⋆⋆ A guest ...

45 | A Composition Theorem for Universal One-Way Hash Functions
- Shoup
- 2000

16 | Hash functions: from Merkle-Damgård to Shoup
- Mironov
- 2001

Citation Context: ...oted that one becomes vulnerable to attacks by the signers (who can cheat and choose the key before the target message). The concept of UOWHFs has been generalized by Zheng et al. [12] and by Mironov [4]. A standard approach to construct hash functions that take input strings of arbitrary length is to start from a compression function that compresses input strings of fixed length. For CRHFs, the Merk...

6 | Domain Extender for UOWHF: A Generic Lower bound on key Expansion and a Binary Tree Algorithm. IACR preprint server, http://eprint.iacr.org
- Sarkar

Citation Context: ...ure. Here the two constructions with a security proof are the basic tree hash and the XOR tree hash (they extend the work of [5]). XOR tree hash has subsequently been improved further, a.o. by Sarkar [7, 8] and by Lee et al. [11], who reduce the key size and extend these structures to higher dimensional parallel constructions. 1.1 Motivation The special UOWHF made by Bellare and Rogaway [1] loses its un...

4 | A Design Principle for Hash Functions
- Damgård
- 1989

Citation Context: ...is a collision for $TR_l[H](K, \cdot)$. We observe that there exist $\alpha \in \{1, \ldots, l\}$ and $\beta \in \{1, \ldots, d^{l-\alpha}\}$ such that

$$x_{\alpha-1}^{(\beta-1)d+1} \,\|\, \cdots \,\|\, x_{\alpha-1}^{\beta d} \neq y_{\alpha-1}^{(\beta-1)d+1} \,\|\, \cdots \,\|\, y_{\alpha-1}^{\beta d}, \qquad x_{\alpha}^{\beta} = y_{\alpha}^{\beta}. \tag{2}$$

We will exploit this below. Assume that $A = (A_1, A_2)$ is an adversary who breaks $TR_l[H]$ with inputs of equal-length in the UOWHF sense. We use it to make the adversary $B = (B_1, B_2)$ who works i...

4 | Construction of UOWHF: Tree Hashing Revisited. Cryptology ePrint Archive
- Sarkar

3 | Connections between several versions of one-way hash functions
- Zheng, Matsumoto, et al.
- 1990

Citation Context: ..., but it should be noted that one becomes vulnerable to attacks by the signers (who can cheat and choose the key before the target message). The concept of UOWHFs has been generalized by Zheng et al. [12] and by Mironov [4]. A standard approach to construct hash functions that take input strings of arbitrary length is to start from a compression function that compresses input strings of fixed length. ...

2 | New parallel domain extenders for
- Lee, Chang, et al.
- 2003

Citation Context: ...ctions with a security proof are the basic tree hash and the XOR tree hash (they extend the work of [5]). XOR tree hash has subsequently been improved further, a.o. by Sarkar [7, 8] and by Lee et al. [11], who reduce the key size and extend these structures to higher dimensional parallel constructions. 1.1 Motivation The special UOWHF made by Bellare and Rogaway [1] loses its universal onewayness when...