Journal of Mathematical Cryptology

Managing Editor: Magliveras, Spyros S. / Steinwandt, Rainer / Trung, Tran

Editorial Board: Blackburn, Simon R. / Blundo, Carlo / Burmester, Mike / Cramer, Ronald / Dawson, Ed / Gilman, Robert / Gonzalez Vasco, Maria Isabel / Grosek, Otokar / Helleseth, Tor / Kim, Kwangjo / Koblitz, Neal / Kurosawa, Kaoru / Lauter, Kristin / Lange, Tanja / Menezes, Alfred / Nguyen, Phong Q. / Pieprzyk, Josef / Rötteler, Martin / Safavi-Naini, Rei / Shparlinski, Igor E. / Stinson, Doug / Takagi, Tsuyoshi / Williams, Hugh C. / Yung, Moti

4 Issues per year


CiteScore 2017: 1.43

SCImago Journal Rank (SJR) 2017: 0.293
Source Normalized Impact per Paper (SNIP) 2017: 1.117

Mathematical Citation Quotient (MCQ) 2017: 0.51

Online ISSN: 1862-2984
Volume 10, Issue 2

Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier

Dustin Moody / Souradyuti Paul / Daniel Smith-Tone
  • NIST, Computer Security Division, Gaithersburg, Maryland; and Department of Mathematics, University of Louisville, Louisville, Kentucky, USA
Published Online: 2016-04-21 | DOI: https://doi.org/10.1515/jmc-2014-0044

Abstract

A hash function secure in the indifferentiability framework (TCC 2004) is able to resist all meaningful generic attacks. Such hash functions also play a crucial role in establishing the security of protocols that use them as random functions. To eliminate multi-collision type attacks on the Merkle–Damgård mode (Crypto 1989), Lucks proposed widening the size of the internal state of hash functions (Asiacrypt 2005). The fast wide pipe (FWP) hash mode was introduced by Nandi and Paul at Indocrypt 2010, as a faster variant of Lucks' wide pipe mode. Despite the higher speed, the proven indifferentiability bound of the FWP mode has so far been only up to the birthday barrier of n/2 bits. The main result of this paper is the improvement of the FWP bound to 2n/3 bits (up to an additive constant). We also provide evidence that the bound may be extended beyond 2n/3 bits.
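
The multicollision attack that motivates Lucks' wide pipe, as an added illustration (this code is not part of the article and does not model the FWP mode or its 2n/3 bound). Joux's attack finds k sequential collisions on the internal chaining value; each stage is a birthday search costing about 2^(s/2) compression calls for an s-bit state, and any choice of one block per stage gives the same hash, so 2^k colliding messages cost only k birthday searches. With a narrow pipe (s = n) that is roughly k·2^(n/2) work; with a wide pipe (s = 2n) each stage costs about 2^n, no better than a generic collision search on the n-bit output. The compression function here is SHA-256 truncated to the state width, the IV, block length and n = 16 are constructed for the example, and padding and length encoding are omitted because they do not affect the attack:

```python
import hashlib
from itertools import product

# Toy parameters, constructed for this example: an n-bit output and 8-byte message blocks.
N_BITS = 16
BLOCK_LEN = 8


def compress(state: bytes, block: bytes, state_bits: int) -> bytes:
    """Toy compression function: SHA-256 of state||block, truncated to state_bits.
    It stands in for an ideal compression function; the attack only uses it as a black box."""
    return hashlib.sha256(state + block).digest()[: state_bits // 8]


def md_hash(blocks, state_bits: int, out_bits: int = N_BITS) -> bytes:
    """Merkle–Damgård iteration over a state_bits-wide chaining value, output truncated to
    out_bits. state_bits == out_bits is the classical narrow pipe; state_bits == 2 * out_bits
    is Lucks' wide pipe. Padding and length encoding are omitted (irrelevant to the attack)."""
    h = bytes(state_bits // 8)  # all-zero IV, constructed for the example
    for b in blocks:
        h = compress(h, b, state_bits)
    return h[: out_bits // 8]


def find_block_collision(state: bytes, state_bits: int):
    """Birthday search for distinct blocks b0 != b1 with compress(state, b0) == compress(state, b1).
    Returns (b0, b1, compression_calls); the expected cost is about 2**(state_bits / 2) calls."""
    seen = {}
    i = 0
    while True:
        b = i.to_bytes(BLOCK_LEN, "big")  # deterministic candidate blocks 0, 1, 2, ...
        y = compress(state, b, state_bits)
        i += 1
        if y in seen:
            return seen[y], b, i
        seen[y] = b


def joux_multicollision(k: int, state_bits: int):
    """Joux's attack: k sequential internal-state collisions give 2**k distinct k-block messages
    that reach the same chaining value, hence the same hash. Returns (messages, total_calls)."""
    h = bytes(state_bits // 8)
    stages, calls = [], 0
    for _ in range(k):
        b0, b1, q = find_block_collision(h, state_bits)
        stages.append((b0, b1))
        calls += q
        h = compress(h, b0, state_bits)  # b0 and b1 both lead to this state
    messages = [list(m) for m in product(*stages)]  # one block chosen per stage
    return messages, calls


def demo(k: int = 4):
    """Run the attack against a narrow pipe (state = n bits) and a wide pipe (state = 2n bits)
    and report, per variant, how many messages collide and what the attack cost in calls."""
    report = {}
    for name, state_bits in (("narrow", N_BITS), ("wide", 2 * N_BITS)):
        msgs, calls = joux_multicollision(k, state_bits)
        digests = {md_hash(m, state_bits) for m in msgs}
        report[name] = {"messages": len(msgs), "distinct_digests": len(digests), "calls": calls}
    return report


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name} pipe: {r['messages']} messages, {r['distinct_digests']} distinct digest(s), "
              f"{r['calls']} compression calls")
```

Both variants end with a single digest shared by all 2^k messages; the difference is the cost column, which for the wide pipe is on the order of 2^n per stage, the same as a generic collision on the n-bit output. Note that the wide pipe makes the attack pointless rather than impossible: the narrowing happens only at the final truncation, so an adversary who can afford 2^n work per stage still gets the multicollision.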

Keywords: Indifferentiability; birthday barrier; fast wide pipe

MSC: 94A60

References

1. E. Andreeva, C. Bouillaguet, P.-A. Fouque, J. J. Hoch, J. Kelsey, A. Shamir and S. Zimmer, Second preimage attacks on dithered hash functions, Advances in Cryptology (EUROCRYPT 2008), Lecture Notes in Comput. Sci. 4965, Springer, Berlin (2008), 270–288.

2. E. Andreeva, A. Luykx and B. Mennink, Provable security of BLAKE with non-ideal compression function, Selected Areas in Cryptography (SAC 2012), Lecture Notes in Comput. Sci. 7707, Springer, Berlin (2013), 321–338.

3. E. Andreeva, B. Mennink and B. Preneel, On the indifferentiability of the Grøstl hash function, Security and Cryptography for Networks (SCN 2010), Lecture Notes in Comput. Sci. 6280, Springer, Berlin (2010), 88–105.

4. E. Andreeva, B. Mennink and B. Preneel, The Parazoa family: Generalizing the Sponge hash functions, Int. J. Inform. Security 11 (2012), 3, 149–165.

5. M. Bellare and T. Ristenpart, Multi-property-preserving hash domain extension and the EMD transform, Advances in Cryptology (ASIACRYPT 2006), Lecture Notes in Comput. Sci. 4284, Springer, Berlin (2006), 299–314.

6. G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, Sponge functions, preprint 2007, http://sponge.noekeon.org/SpongeFunctions.pdf.

7. G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, On the indifferentiability of the Sponge construction, Advances in Cryptology (EUROCRYPT 2008), Lecture Notes in Comput. Sci. 4965, Springer, Berlin (2008), 181–197.

8. R. Bhattacharyya, A. Mandal and M. Nandi, Security analysis of the mode of JH hash function, Fast Software Encryption (FSE 2010), Lecture Notes in Comput. Sci. 6147, Springer, Berlin (2010), 168–191.

9. E. Biham and O. Dunkelman, A framework for iterative hash functions – HAIFA, preprint 2007, https://eprint.iacr.org/2007/278.

10. S. R. Blackburn, D. R. Stinson and J. Upadhyay, On the complexity of the herding attack and some related attacks on hash functions, Des. Codes Cryptogr. 64 (2012), 1–2, 171–193.

11. E. Bresson, A. Canteaut, B. Chevallier-Mames, C. Clavier, T. Fuhr, A. Gouget, T. Icart, J.-F. Misarsky, M. Naya-Plasencia, P. Paillier, T. Pornin, J.-R. Reinhard, C. Thuillet and M. Videau, Indifferentiability with distinguishers: Why Shabal does not require ideal ciphers, preprint 2009, https://eprint.iacr.org/2009/199.

12. D. Chang and M. Nandi, Improved indifferentiability security analysis of chopMD hash function, Fast Software Encryption (FSE 2008), Lecture Notes in Comput. Sci. 5086, Springer, Berlin (2008), 429–443.

13. D. Chang, M. Nandi and M. Yung, Indifferentiability of the hash algorithm BLAKE, preprint 2011, https://eprint.iacr.org/2011/623.

14. J.-S. Coron, Optimal security proofs for PSS and other signature schemes, Advances in Cryptology (EUROCRYPT 2002), Lecture Notes in Comput. Sci. 2332, Springer, Berlin (2002), 272–287.

15. J.-S. Coron, Y. Dodis, C. Malinaud and P. Puniya, Merkle–Damgård revisited: How to construct a hash function, Advances in Cryptology (CRYPTO 2005), Lecture Notes in Comput. Sci. 3621, Springer, Berlin (2005), 430–448.

16. I. Damgård, A design principle for hash functions, Advances in Cryptology (CRYPTO '89), Lecture Notes in Comput. Sci. 435, Springer, Berlin (1990), 416–427.

17. E. Fleischmann, M. Gorski and S. Lucks, Some observations on indifferentiability, Information Security and Privacy (ACISP 2010), Lecture Notes in Comput. Sci. 6168, Springer, Berlin (2010), 117–134.

18. P. Gauravaram, L. Knudsen, K. Matusiewicz, F. Mendel, C. Rechberger, M. Schläffer and S. Thomsen, Grøstl – A SHA-3 candidate, preprint 2011, www.groestl.info/Groestl.pdf.

19. S. Hirose, J. H. Park and A. Yun, A simple variant of the Merkle–Damgård scheme with a permutation, Advances in Cryptology (ASIACRYPT 2007), Lecture Notes in Comput. Sci. 4833, Springer, Berlin (2007), 113–129.

20. J. J. Hoch and A. Shamir, Breaking the ICE – Finding multicollisions in iterated concatenated and expanded (ICE) hash functions, Fast Software Encryption (FSE 2006), Lecture Notes in Comput. Sci. 4047, Springer, Berlin (2006), 179–194.

21. A. Joux, Multicollisions in iterated hash functions: Application to cascaded constructions, Advances in Cryptology (CRYPTO 2004), Lecture Notes in Comput. Sci. 3152, Springer, Berlin (2004), 306–316.

22. J. Kelsey and T. Kohno, Herding hash functions and the Nostradamus attack, Advances in Cryptology (EUROCRYPT 2006), Lecture Notes in Comput. Sci. 4004, Springer, Berlin (2006), 183–200.

23. J. Kelsey and B. Schneier, Second preimages on n-bit hash functions for much less than 2^n work, Advances in Cryptology (EUROCRYPT 2005), Lecture Notes in Comput. Sci. 3494, Springer, Berlin (2005), 474–490.

24. S. Lucks, A failure-friendly design principle for hash functions, Advances in Cryptology (ASIACRYPT 2005), Lecture Notes in Comput. Sci. 3788, Springer, Berlin (2005), 474–494.

25. U. M. Maurer, R. Renner and C. Holenstein, Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology, Theory of Cryptography (TCC 2004), Lecture Notes in Comput. Sci. 2951, Springer, Berlin (2004), 21–39.

26. R. C. Merkle, One way hash functions and DES, Advances in Cryptology (CRYPTO '89), Lecture Notes in Comput. Sci. 435, Springer, Berlin (1990), 428–446.

27. D. Moody, S. Paul and D. Smith-Tone, Improved indifferentiability security bound for the JH mode, Des. Codes Cryptogr. 79 (2016), 2, 237–259.

28. M. Nandi and S. Paul, Speeding up the wide-pipe: Secure and fast hashing, Progress in Cryptology (INDOCRYPT 2010), Lecture Notes in Comput. Sci. 6498, Springer, Berlin (2010), 144–162.

29. M. Nandi and D. R. Stinson, Multicollision attacks on some generalized sequential hash functions, IEEE Trans. Inform. Theory 53 (2007), 759–767.

30. T. Ristenpart, H. Shacham and T. Shrimpton, Careful with composition: Limitations of the indifferentiability framework, Advances in Cryptology (EUROCRYPT 2011), Lecture Notes in Comput. Sci. 6632, Springer, Berlin (2011), 487–506.

31. V. Shoup, OAEP reconsidered, Advances in Cryptology (CRYPTO 2001), Lecture Notes in Comput. Sci. 2139, Springer, Berlin (2001), 239–259.

32. D. Smith-Tone and C. Tone, A measure of dependence for cryptographic primitives relative to ideal functions, Rocky Mountain J. Math. 45 (2015), 1283–1309.

33. H. Wu, The JH hash function, preprint 2009, http://ehash.iaik.tugraz.at/uploads/1/1d/Jh20090915.pdf.

About the article

Received: 2014-12-22

Revised: 2015-12-04

Accepted: 2016-04-05

Published Online: 2016-04-21

Published in Print: 2016-06-01


Citation Information: Journal of Mathematical Cryptology, Volume 10, Issue 2, Pages 101–133, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, DOI: https://doi.org/10.1515/jmc-2014-0044.

© 2016 by De Gruyter.
