
How (Not) to Efficiently Dither Blockcipher-Based Hash Functions?

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2008 (AFRICACRYPT 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5023))

Abstract

In the context of iterated hash functions, “dithering” designates the technique of adding an iteration-dependent input to the compression function in order to defeat certain generic attacks. The purpose of this paper is to identify methods for dithering blockcipher-based hash functions that, unlike previous proposals, come with both security bounds and efficiency. We consider 56 different constructions, based on the 12 secure PGV schemes. Proofs are given in the black-box model that 12 of them preserve the bounds on collision and inversion resistance given by Black et al. These 12 schemes avoid the need for short dither values, induce negligible extra computation, and achieve security independent of the dither sequence used. We also identify 8 schemes that lead to strong compression functions but potentially insecure hash functions. Our results can be applied to popular hash functions such as SHA-1 or Whirlpool.
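To make the objects in the abstract concrete, the following Python is an added example, not code from the paper: it builds a Merkle-Damgård hash over three of the 12 secure PGV schemes (Davies-Meyer, Matyas-Meyer-Oseas, Miyaguchi-Preneel) on top of a hashlib-based Feistel toy cipher, then injects an iteration-dependent dither value d_i at two different places. The toy cipher, the counter sequence, the two placements and every function name (`dither_into_message`, `dither_into_chain`, `dm_fixed_point`, ...) are this example's own assumptions; they are not the 56 constructions the paper enumerates nor the 12 it proves secure. What the example shows is the question behind the title: the generic attack that dithering is meant to defeat relies on repeating one block at a Davies-Meyer fixed point h* = D_m(0) (the expandable messages of Kelsey and Schneier [24]); XORing a public d_i into the message block does not stop an attacker who simply submits m ⊕ d_i, whereas a dither that enters only through the chaining value cannot be cancelled by the message block alone.

```python
"""Merkle-Damgard hashing over PGV compression functions, with the dither
d_i injected at two different places.  Added, illustrative code: the block
cipher is a hashlib-based Feistel toy, not a real cipher, and the dither
placements are this example's own, not the paper's enumerated schemes."""
import hashlib
import struct

BLOCK = 16      # 128-bit block, key and chaining value (toy sizes)
ROUNDS = 8
IV = bytes(BLOCK)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: keyed SHA-256 truncated to 64 bits."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit Feistel cipher E_key(block); invertible by construction."""
    L, R = block[:8], block[8:]
    for r in range(ROUNDS):
        L, R = R, xor_bytes(L, _f(key, r, R))
    return L + R


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt: D_key(block)."""
    L, R = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        L, R = xor_bytes(R, _f(key, r, L)), L
    return L + R


# Three of the twelve PGV schemes that Black et al. prove collision- and
# inversion-resistant in the ideal-cipher model.  h = chaining value, m = block.
def davies_meyer(h, m):        return xor_bytes(toy_encrypt(m, h), h)              # E_m(h) ^ h
def matyas_meyer_oseas(h, m):  return xor_bytes(toy_encrypt(h, m), m)              # E_h(m) ^ m
def miyaguchi_preneel(h, m):   return xor_bytes(xor_bytes(toy_encrypt(h, m), m), h)  # E_h(m) ^ m ^ h


def counter_dither(i: int) -> bytes:
    """Full-width dither d_i: the 1-based block index (a HAIFA-style counter,
    assumed here).  The sequence is public, so an attacker always knows d_i."""
    return struct.pack(">QQ", 0, i + 1)


# Iterated-compression wrappers g(h, m, i); i is the block index.
def undithered(compress):
    return lambda h, m, i: compress(h, m)


def dither_into_message(compress, dither_of=counter_dither):
    """Illustrative placement: d_i XORed into the message block."""
    return lambda h, m, i: compress(h, xor_bytes(m, dither_of(i)))


def dither_into_chain(compress, dither_of=counter_dither):
    """Illustrative placement: d_i XORed into the chaining value."""
    return lambda h, m, i: compress(xor_bytes(h, dither_of(i)), m)


def md_pad(msg: bytes) -> bytes:
    """MD strengthening: 0x80, zeros, then the 64-bit big-endian bit length."""
    out = msg + b"\x80"
    out += b"\x00" * ((-len(out) - 8) % BLOCK)
    return out + struct.pack(">Q", 8 * len(msg))


def md_hash(msg: bytes, g) -> bytes:
    h = IV
    p = md_pad(msg)
    for i in range(len(p) // BLOCK):
        h = g(h, p[i * BLOCK:(i + 1) * BLOCK], i)
    return h


def chain(g, h: bytes, blocks) -> bytes:
    """Feed `blocks` through g from h, no padding: the building block of a
    Kelsey-Schneier expandable message."""
    for i, m in enumerate(blocks):
        h = g(h, m, i)
    return h


def dm_fixed_point(m: bytes) -> bytes:
    """Davies-Meyer fixed point: f(h, m) = h iff E_m(h) = 0, so h* = D_m(0).
    Cheap for any m; repeating m then leaves the chain parked at h*."""
    return toy_decrypt(m, bytes(BLOCK))


if __name__ == "__main__":
    m = b"\x41" * BLOCK
    hs = dm_fixed_point(m)
    n = 6
    # Undithered: the repeated block is a free-length (expandable) segment.
    print(chain(undithered(davies_meyer), hs, [m] * n) == hs)            # True
    # Dither in the message block: naive repetition is broken ...
    print(chain(dither_into_message(davies_meyer), hs, [m] * n) == hs)   # False
    # ... but an attacker who knows d_i pre-cancels it with m_i = m ^ d_i.
    cancel = [xor_bytes(m, counter_dither(i)) for i in range(n)]
    print(chain(dither_into_message(davies_meyer), hs, cancel) == hs)    # True
    # Dither in the chaining value cannot be cancelled through the message.
    print(chain(dither_into_chain(davies_meyer), hs, cancel) == hs)      # False
    print(md_hash(b"hello", dither_into_chain(miyaguchi_preneel)).hex())
```

Run as a script it prints True, False, True, False for the four chains: the first placement costs no message bandwidth but also buys nothing against a message-controlling attacker, the second is not cancellable by the message alone (in the ideal-cipher model, parking the chain at h* would require finding m_i with E_{m_i}(h* ⊕ d_i) = d_i for every i). A dither that instead occupies part of each message block must be kept short to preserve bandwidth; that trade-off is the "short dither values" the abstract says its 12 schemes avoid. Which placements actually preserve the Black et al. bounds is the content of the paper, not of this toy.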


References

  1. Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J., Kelsey, J., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965. Springer, Heidelberg (2008)

  2. Barreto, P., Rijmen, V.: The Whirlpool hashing function. First Open NESSIE Workshop (2000)

  3. Bernstein, D.J.: The Rumba20 compression function. Function introduced in [4], http://cr.yp.to/rumba20.html

  4. Bernstein, D.J.: What output size resists collisions in a xor of independent expansions? In: ECRYPT Workshop on Hash Functions (2007), see http://cr.yp.to/rumba20.html#expandxor

  5. Biham, E.: Recent advances in hash functions - the way to go. In: ECRYPT Hash Function Workshop (2005)

  6. Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. Cryptology ePrint Archive, Report 2007/278 (2007); previously presented at the second NIST Hash Function Workshop (2006)

  7. Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)

  8. Black, J., Cochran, M., Shrimpton, T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Cramer [15], pp. 526–541

  9. Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. Cryptology ePrint Archive, Report 2002/066 (2002); full version of [10]

  10. Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 330–335. Springer, Heidelberg (2002)

  11. Boneh, D., Boyen, X.: On the impossibility of efficiently combining collision resistant hash functions. In: Dwork [18], pp. 570–583

  12. Bouillaguet, C., Fouque, P.-A., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. Cryptology ePrint Archive, Report 2007/395; see also [1]

  13. Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)

  14. Chang, D., Gupta, K.C., Nandi, M.: A new hash function based on RC4. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 80–94. Springer, Heidelberg (2006)

  15. Cramer, R.J.F. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)

  16. Damgård, I.: A design principle for hash functions. In: Brassard [13], pp. 416–427

  17. Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (1999)

  18. Dwork, C. (ed.): CRYPTO 2006. LNCS, vol. 4117. Springer, Heidelberg (2006)

  19. Filho, D.G., Barreto, P., Rijmen, V.: The Maelstrom-0 hash function. In: 6th Brazilian Symposium on Information and Computer Security (2006)

  20. Gauravaram, P., Kelsey, J.: Cryptanalysis of a class of cryptographic hash functions. Cryptology ePrint Archive, Report 2007/277 (2007)

  21. Halevi, S., Krawczyk, H.: Strengthening digital signatures via randomized hashing. In: Dwork [18], pp. 41–59

  22. Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)

  23. Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: First NIST Cryptographic Hash Function Workshop (2005)

  24. Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2^n work. In: Cramer [15], pp. 474–490

  25. Knudsen, L.: Hash functions and SHA-3. In: FSE 2008 (2008)

  26. Knudsen, L., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007)

  27. Knudsen, L.R., Rechberger, C., Thomsen, S.S.: The Grindahl hash functions. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 39–57. Springer, Heidelberg (2007)

  28. Lai, X., Massey, J.: Hash function based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)

  29. Lee, W., Nandi, M., Sarkar, P., Chang, D., Lee, S., Sakurai, K.: PGV-style block-cipher-based hash families and black-box analysis. IEICE Transactions 88-A(1), 39–48 (2005)

  30. Matyas, S., Meyer, C., Oseas, J.: Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin 27(10A), 5658–5659 (1985)

  31. Merkle, R.C.: One way hash functions and DES. In: Brassard [13], pp. 428–446

  32. Mironov, I.: Hash functions: From Merkle-Damgård to Shoup. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 166–181. Springer, Heidelberg (2001)

  33. Miyaguchi, S., Ohta, K., Iwata, M.: New 128-bit hash function. In: 4th International Joint Workshop on Computer Communications, pp. 279–288 (1989)

  34. Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: STOC, pp. 33–43. ACM, New York (1989)

  35. Pietrzak, K.: Non-trivial black-box combiners for collision-resistant hash-functions don’t exist. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 23–33. Springer, Heidelberg (2007)

  36. Pohlmann, K.: Principles of Digital Audio, 4th edn. McGraw-Hill, New York (2005)

  37. Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: Collision-free hash functions based on block cipher algorithms. In: Carnahan Conference on Security Technology, pp. 203–210 (1989)

  38. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)

  39. Quisquater, J.-J., Girault, M.: 2n-bit hash-functions using n-bit symmetric block cipher algorithms. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 102–109. Springer, Heidelberg (1990)

  40. Rabin, M.: Digitalized signatures. In: Lipton, R., DeMillo, R. (eds.) Foundations of Secure Computation, pp. 155–166. Academic Press, London (1978)

  41. Rivest, R.: Abelian square-free dithering for iterated hash functions. In: ECRYPT Workshop on Hash Functions (2005); also presented in [42]

  42. Rivest, R.: Abelian square-free dithering for iterated hash functions. In: NIST Hash Function Workshop (2005)

  43. Rogaway, P., Steinberger, J.: Security/efficiency tradeoffs for permutation-based hashing. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS. Springer, Heidelberg (to appear, 2008)

  44. Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 445–452. Springer, Heidelberg (2000)

  45. Shrimpton, T., Stam, M.: Building a collision-resistant compression function from non-compressing primitives. Cryptology ePrint Archive, Report 2007/409 (2007)

  46. Stam, M.: Another glance at blockcipher based hashing. Cryptology ePrint Archive, Report 2008/071 (2008)

  47. Wikipedia: Dither — Wikipedia, The Free Encyclopedia. Accessed November 22, 2007


Editor information

Serge Vaudenay


Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aumasson, J.-P., Phan, R.C.-W. (2008). How (Not) to Efficiently Dither Blockcipher-Based Hash Functions? In: Vaudenay, S. (ed.) Progress in Cryptology – AFRICACRYPT 2008. AFRICACRYPT 2008. Lecture Notes in Computer Science, vol 5023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68164-9_21


  • DOI: https://doi.org/10.1007/978-3-540-68164-9_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68159-5

  • Online ISBN: 978-3-540-68164-9

