Annual International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2007: Advances in Cryptology - EUROCRYPT 2007 pp 34-51

The Collision Intractability of MDC-2 in the Ideal-Cipher Model

  • John P. Steinberger
Conference paper

DOI: 10.1007/978-3-540-72540-4_3

Volume 4515 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Steinberger J.P. (2007) The Collision Intractability of MDC-2 in the Ideal-Cipher Model. In: Naor M. (eds) Advances in Cryptology - EUROCRYPT 2007. EUROCRYPT 2007. Lecture Notes in Computer Science, vol 4515. Springer, Berlin, Heidelberg

Abstract

We provide the first proof of security for MDC-2, the most well-known construction for turning an n-bit blockcipher into a 2n-bit cryptographic hash function. Our result, which is in the ideal-cipher model, shows that MDC-2, when built from a blockcipher having blocklength and keylength n, has security much better than that delivered by any hash function that has an n-bit output. When the blocklength and keylength are n = 128 bits, as with MDC-2 based on AES-128, an adversary that asks fewer than 274.9 queries usually cannot find a collision.

Keywords

Collision-resistant hashingcryptographic hash functionsideal-cipher modelMDC-2
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • John P. Steinberger
    • 1
  1. 1.Dept. of MathematicsUniversity of CaliforniaDavisUSA