Skip to content
BY-NC-ND 3.0 license Open Access Published by De Gruyter July 14, 2015

Two-permutation-based hashing with binary mixing

Atul Luykx EMAIL logo , Bart Mennink , Bart Preneel and Laura Winnen


We consider the generic design of compression functions based on two n-bit permutations and XOR-based mixing functions. It is known that any such function mapping n+α to α bits, with 1αn, can achieve at most min{2α/2,2n/2-α/4} collision security. Using techniques similar to Mennink and Preneel [CRYPTO 2012, Lecture Notes in Comput. Sci. 7417, Springer, Heidelberg (2012), 330–347], we show that there is only one equivalence class of these functions achieving optimal collision security, and additionally min{2α,2n/2} preimage security. The equivalence class compares well with existing functions based on two or three permutations, and is well-suited for wide-pipe hashing.

MSC: 94A60

Funding source: Research Council KU Leuven

Award Identifier / Grant number: GOA TENSE (GOA/11/007)

Funding source: Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen)

Funding source: Research Foundation – Flanders (FWO)

The authors would like to thank the anonymous reviewers of the Journal of Mathematical Cryptology for their comments and suggestions.

Received: 2015-3-17
Accepted: 2015-7-3
Published Online: 2015-7-14
Published in Print: 2015-10-1

© 2015 by De Gruyter

This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.

Downloaded on 10.12.2022 from
Scroll Up Arrow