Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier

Bibliographic Details
Published in Journal of mathematical cryptology Vol. 10; no. 2; pp. 101 - 133
Main Authors Moody, Dustin, Paul, Souradyuti, Smith-Tone, Daniel
Format Journal Article
Language English
Published Berlin De Gruyter 01.06.2016
Walter de Gruyter GmbH
Summary: A hash function secure in the (TCC 2004) is able to resist meaningful generic attacks. Such hash functions also play a crucial role in establishing the security of protocols that use them as random functions. To eliminate multi-collision type attacks on the Merkle–Damgård mode (Crypto 1989), Lucks proposed widening the size of the internal state of hash functions (Asiacrypt 2005). The fast wide pipe (FWP) hash mode was introduced by Nandi and Paul at Indocrypt 2010, as a faster variant of Lucks' wide pipe mode. Despite the higher speed, the proven indifferentiability bound of the FWP mode has so far been only up to the birthday barrier of bits. The main result of this paper is the improvement of the FWP bound to bits (up to an additive constant). We also provide evidence that the bound may be extended beyond bits.
ISSN:1862-2976
1862-2984
DOI:10.1515/jmc-2014-0044