Domain Extension for Enhanced Target Collision-Resistant Hash Functions


We answer the question of Reyhanitabar et al. from FSE’09 of constructing a domain extension scheme for enhanced target collision-resistant (eTCR) hash functions with sublinear key expansion. The eTCR property, introduced by Halevi and Krawczyk [1], is a natural fit for hash-and-sign signature schemes, offering an attractive alternative to collision-resistant hash functions. We prove a new composition theorem for eTCR, and demonstrate that eTCR compression functions exist if and only if one-way functions do.