The Preimage Security of Double-Block-Length Compression Functions
- Cite this paper as:
- Armknecht F., Fleischmann E., Krause M., Lee J., Stam M., Steinberger J. (2011) The Preimage Security of Double-Block-Length Compression Functions. In: Lee D.H., Wang X. (eds) Advances in Cryptology – ASIACRYPT 2011. ASIACRYPT 2011. Lecture Notes in Computer Science, vol 7073. Springer, Berlin, Heidelberg
We present new techniques for deriving preimage resistance bounds for block cipher based double-block-length, double-call hash functions. We give improved bounds on the preimage security of the three “classical” double-block-length, double-call, block cipher-based compression functions, these being Abreast-DM, Tandem-DM and Hirose’s scheme. For Hirose’s scheme, we show that an adversary must make at least 22n − 5 block cipher queries to achieve chance 0.5 of inverting a randomly chosen point in the range. For Abreast-DM and Tandem-DM we show that at least 22n − 10 queries are necessary. These bounds improve upon the previous best bounds of Ω(2n) queries, and are optimal up to a constant factor since the compression functions in question have range of size 22n.