The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value of hash functions is fixed . In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening...

Full description

Saved in:
Bibliographic Details
Published inInternational journal of information security Vol. 11; no. 6; pp. 419 - 434
Main Authors Bagheri, Nasour, Gauravaram, Praveen, Knudsen, Lars R., Zenner, Erik
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer-Verlag 01.11.2012
Springer Nature B.V
Subjects
Chaining
Coding and Information Theory
Communications Engineering
Compressing
Computer Communication Networks
Computer information security
Computer Science
Construction
Cryptology
Hash based algorithms
Management of Computing and Information Systems
Mathematical functions
Mathematics
Networks
Operating Systems
Regular Contribution
Security
Strengthening
Studies
Merkle–Damgård
Indifferentiability
MD strengthening
Random oracle
SFPF
Online AccessGet full text

Cover

More Information
Summary:In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value of hash functions is fixed . In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic -bit-iterated hash function framework based on an -bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary s and does not possess MD strengthening . We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any -bit-iterated hash function based on an -bit compression function and with an -bit chaining value that is proven indifferentiable from a RO.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-012-0175-4