Open Access (CC BY-NC-ND 3.0 license). Published by De Gruyter, April 21, 2016.

Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier

Dustin Moody, Souradyuti Paul and Daniel Smith-Tone

Abstract

A hash function secure in the indifferentiability framework (TCC 2004) is able to resist all meaningful generic attacks. Such hash functions also play a crucial role in establishing the security of protocols that use them as random functions. To eliminate multi-collision type attacks on the Merkle–Damgård mode (Crypto 1989), Lucks proposed widening the size of the internal state of hash functions (Asiacrypt 2005). The fast wide pipe (FWP) hash mode was introduced by Nandi and Paul at Indocrypt 2010, as a faster variant of Lucks' wide pipe mode. Despite the higher speed, the proven indifferentiability bound of the FWP mode has so far been only up to the birthday barrier of n/2 bits. The main result of this paper is the improvement of the FWP bound to 2n/3 bits (up to an additive constant). We also provide evidence that the bound may be extended beyond 2n/3 bits.

MSC: 94A60


Received: 2014-12-22
Revised: 2015-12-4
Accepted: 2016-4-5
Published Online: 2016-4-21
Published in Print: 2016-6-1

© 2016 by De Gruyter

This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.

Source: https://www.degruyter.com/document/doi/10.1515/jmc-2014-0044/html