Optimal Collision Security in Double Block Length Hashing with Single Length Key

© 2016, Springer Science+Business Media New York. The idea of double block length hashing is to construct a compression function on 2n bits using a block cipher with an n-bit block size. All optimally secure double block length hash functions known in the literature employ a cipher with a key space of double block size, 2n-bit. On the other hand, no optimally secure compression functions built from a cipher with an n-bit key space are known. Our work deals with this problem. Firstly, we prove that for a wide class of compression functions with two calls to its underlying n-bit keyed block cipher collisions can be found in about 2 n/2 queries. This attack applies, among others, to functions where the output is derived from the block cipher outputs in a linear way. This observation demonstrates that all security results of designs using a cipher with 2n-bit key space crucially rely on the presence of these extra n key bits. The main contribution of this work is a proof that this issue can be resolved by allowing the compression function to make one extra call to the cipher. We propose a family of compression functions making three block cipher calls that asymptotically achieves optimal collision resistance up to 2 n(1-ε) queries and preimage resistance up to 2 3n(1-ε)/2 queries, for any ε> 0. To our knowledge, this is the first optimally collision secure double block length construction using a block cipher with single length key space. We additionally prove this class of functions indifferentiable from random functions in about 2 n/2 queries, and demonstrate that no other function in this direction achieves a bound of similar kind.

Jaar van publicatie:2017

BOF-keylabel:ja

IOF-keylabel:ja

BOF-publication weight:1

CSS-citation score:1

Authors from:Government, Higher Education

Toegankelijkheid:Closed