, Volume 23, Issue 4, pp 519545
An Analysis of the BlockcipherBased Hash Functions from PGV
 J. BlackAffiliated withDepartment of Computer Science, University of Colorado Email author
 , P. RogawayAffiliated withDepartment of Computer Science, University of California
 , T. ShrimptonAffiliated withDepartment of Computer Science, Portland State University
 , M. StamAffiliated withLACAL, School of Computer and Communication Sciences, EPFL
Rent the article at a discount
Rent now* Final gross prices may vary according to local VAT.
Get AccessAbstract
Preneel, Govaerts, and Vandewalle (1993) considered the 64 most basic ways to construct a hash function \(H{:\;\:}\{0,1\}^{*}\rightarrow \{0,1\}^{n}\) from a blockcipher \(E{:\;\:}\{0,1\}^{n}\times \{0,1\}^{n}\rightarrow \{0,1\}^{n}\). They regarded 12 of these 64 schemes as secure, though no proofs or formal claims were given. Here we provide a proofbased treatment of the PGV schemes. We show that, in the idealcipher model, the 12 schemes considered secure by PGV really are secure: we give tight upper and lower bounds on their collision resistance. Furthermore, by stepping outside of the Merkle–Damgård approach to analysis, we show that an additional 8 of the PGV schemes are just as collision resistant (up to a constant). Nonetheless, we are able to differentiate among the 20 collisionresistant schemes by considering their preimage resistance: only the 12 initial schemes enjoy optimal preimage resistance. Our work demonstrates that proving idealciphermodel bounds is a feasible and useful step for understanding the security of blockcipherbased hashfunction constructions.
Key words
Blockcipher Collisionresistant hash function Cryptographic hash function Idealcipher model Modes of operation Title
 An Analysis of the BlockcipherBased Hash Functions from PGV
 Journal

Journal of Cryptology
Volume 23, Issue 4 , pp 519545
 Cover Date
 201010
 DOI
 10.1007/s0014501090710
 Print ISSN
 09332790
 Online ISSN
 14321378
 Publisher
 SpringerVerlag
 Additional Links
 Topics
 Keywords

 Blockcipher
 Collisionresistant hash function
 Cryptographic hash function
 Idealcipher model
 Modes of operation
 Industry Sectors
 Authors

 J. Black ^{(1)}
 P. Rogaway ^{(2)}
 T. Shrimpton ^{(3)}
 M. Stam ^{(4)}
 Author Affiliations

 1. Department of Computer Science, University of Colorado, Boulder, CO, 80309, USA
 2. Department of Computer Science, University of California, Davis, CA, 95616, USA
 3. Department of Computer Science, Portland State University, Portland, OR, 97201, USA
 4. LACAL, School of Computer and Communication Sciences, EPFL, Station 14, Lausanne, 1015, Switzerland