Results 1 
2 of
2
Amplifying Collision Resistance: A ComplexityTheoretic Treatment
 Advances in Cryptology — Crypto 2007, Volume 4622 of Lecture
"... Abstract. We initiate a complexitytheoretic treatment of hardness amplification for collisionresistant hash functions, namely the transformation of weakly collisionresistant hash functions into strongly collisionresistant ones in the standard model of computation. We measure the level of collisi ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
Abstract. We initiate a complexitytheoretic treatment of hardness amplification for collisionresistant hash functions, namely the transformation of weakly collisionresistant hash functions into strongly collisionresistant ones in the standard model of computation. We measure the level of collision resistance by the maximum probability, over the choice of the key, for which an efficient adversary can find a collision. The goal is to obtain constructions with short output, short keys, small loss in adversarial complexity tolerated, and a good tradeoff between compression ratio and computational complexity. We provide an analysis of several simple constructions, and show that many of the parameters achieved by our constructions are almost optimal in some sense.
Compression from collisions, or why CRHF combiners have a long output
 Advances in Cryptology – CRYPTO 2008. Lecture Notes in Computer Science
, 2004
"... Abstract. A blackbox combiner for collision resistant hash functions (CRHF) is a construction which given blackbox access to two hash functions is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of blackbox co ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
Abstract. A blackbox combiner for collision resistant hash functions (CRHF) is a construction which given blackbox access to two hash functions is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of blackbox combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al [Crypto’07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hashfunctions given a single collision for the combiner (Canetti et al [Crypto’07] building on Boneh and Boyen [Crypto’06] and Pietrzak [Eurocrypt’07]). Our proof uses a lemma similar to the elegant “reconstruction lemma ” of Gennaro and Trevisan [FOCS’00], which states that any function which is not oneway is compressible (and thus uniformly random function must be oneway). In a similar vein we show that a function which is not collision resistant is compressible. We also borrow ideas from recent work by Haitner et al. [FOCS’07], who show that one can prove the reconstruction lemma even relative to some very powerful oracles (in our case this will be an exponential time collisionfinding oracle). 1