International Journal of Information Security, Volume 11, Issue 6, pp 419–434

The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

  • Nasour Bagheri
  • Praveen Gauravaram
  • Lars R. Knudsen
  • Erik Zenner
Regular Contribution

Abstract

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value \((IV)\) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic \(n\)-bit-iterated hash function framework based on an \(n\)-bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary \(IV\)s and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any \(n\)-bit-iterated hash function based on an \(n\)-bit compression function and with an \(n\)-bit chaining value that is proven indifferentiable from a RO.
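The abstract turns on three properties of the padding rule of an iterated hash: whether the encoding of messages into blocks is prefix-free, whether it is suffix-free (MD strengthening, i.e. placing the message length in the final block, is the classic suffix-free rule), and whether the construction depends on a fixed IV. The paper's own SFPF padding is not specified on this page, so the following added example (written for this page, not the authors' code) does not implement SFPF; it builds a toy n-bit iterated hash from an n-bit compression function and checks, on constructed sample messages, which of injectivity, prefix-freeness and suffix-freeness each of three textbook padding rules gives. SHA-256 truncated to 64 bits stands in for the fixed-input-length random oracle, the 16-byte block size and all function and sample names are assumptions, and the prepend-the-length rule is the simplest prefix-free encoding from Coron et al.

```python
import hashlib

N_BYTES = 8    # n/8: toy 64-bit chaining value and output (illustration only, not a secure size)
BLOCK = 16     # message block size in bytes for the toy compression function (assumed)


def compress(h: bytes, m: bytes) -> bytes:
    """Toy n-bit compression function f(h, m) -> h'. SHA-256 truncated to n bits stands in
    for the fixed-input-length random oracle that indifferentiability proofs model f as."""
    assert len(h) == N_BYTES and len(m) == BLOCK
    return hashlib.sha256(h + m).digest()[:N_BYTES]


def blocks(data: bytes) -> tuple:
    """Split padded data into BLOCK-sized message blocks."""
    return tuple(data[i:i + BLOCK] for i in range(0, len(data), BLOCK))


def pad_zero(msg: bytes) -> tuple:
    """Naive zero padding (constructed strawman): neither injective, prefix-free nor suffix-free."""
    padded = msg + b"\x00" * (-len(msg) % BLOCK)
    return blocks(padded or b"\x00" * BLOCK)


def pad_md_strengthening(msg: bytes) -> tuple:
    """MD strengthening: 0x80, zeros, then the 64-bit message bit length in the final block.
    The length in the last block makes the encoding suffix-free, but it is not prefix-free."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK)
    padded += (8 * len(msg)).to_bytes(8, "big")
    return blocks(padded)


def pad_prefix_length(msg: bytes) -> tuple:
    """Simplest prefix-free encoding: the message length fills the first block, then zero-padded data.
    Encodings with different first blocks cannot be prefixes of each other; it is not suffix-free."""
    header = len(msg).to_bytes(8, "big") + b"\x00" * (BLOCK - 8)
    body = msg + b"\x00" * (-len(msg) % BLOCK)
    return blocks(header + body)


def iterated_hash(msg: bytes, pad, iv: bytes = bytes(N_BYTES)) -> bytes:
    """Plain n-bit iterated hash: chain the compression function over the padded blocks
    starting from an arbitrary IV, with no output transformation."""
    h = iv
    for block in pad(msg):
        h = compress(h, block)
    return h


def _proper_prefix(a: tuple, b: tuple) -> bool:
    return len(a) < len(b) and b[:len(a)] == a


def is_injective(pad, msgs) -> bool:
    encs = [pad(m) for m in msgs]
    return len(set(encs)) == len(encs)


def is_prefix_free(pad, msgs) -> bool:
    """No encoding (as a block sequence) is a proper prefix of another encoding."""
    encs = [pad(m) for m in msgs]
    return not any(_proper_prefix(a, b) for a in encs for b in encs)


def is_suffix_free(pad, msgs) -> bool:
    """No encoding (as a block sequence) is a proper suffix of another encoding."""
    encs = [pad(m) for m in msgs]
    return not any(_proper_prefix(a[::-1], b[::-1]) for a in encs for b in encs)


X = bytes(range(16))
LEN16_HEADER = (16).to_bytes(8, "big") + b"\x00" * 8
SAMPLES = [  # constructed messages, including pairs chosen to expose each rule's weakness
    b"", b"abc", b"abc\x00", b"abcdefg", X, X + X,
    bytes(range(16, 32)) + X,                          # zero padding: enc(X) is a suffix of this
    b"abcdefg\x80" + b"\x00" * 7 + b"\x38" + b"tail",   # MD strengthening: enc(b"abcdefg") is a prefix of this
    LEN16_HEADER + X,                                  # prepend-length: enc(X) is a suffix of this
]

PADDINGS = (("zero", pad_zero), ("md_strengthening", pad_md_strengthening), ("prefix_length", pad_prefix_length))


def property_table() -> dict:
    """(injective, prefix-free, suffix-free) for each padding rule, evaluated on SAMPLES."""
    return {name: (is_injective(p, SAMPLES), is_prefix_free(p, SAMPLES), is_suffix_free(p, SAMPLES))
            for name, p in PADDINGS}


if __name__ == "__main__":
    for name, props in property_table().items():
        print(f"{name:18s} injective={props[0]} prefix_free={props[1]} suffix_free={props[2]}")
    for iv in (bytes(N_BYTES), b"\x01" * N_BYTES):
        print("IV", iv.hex(), "H(abc) =", iterated_hash(b"abc", pad_md_strengthening, iv).hex())
```

The table shows why the two properties are distinct: MD strengthening is suffix-free but a message that embeds another message's padded block is a counterexample to prefix-freeness, while the prepend-length rule is prefix-free but its encoding of X is a suffix of the encoding of a longer message. A rule that is both, as the SFPF framework requires, has to rule out both constructed pairs; the last loop only illustrates that the iteration itself accepts any IV, which is the setting the paper's proofs cover.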

Keywords

Indifferentiability, Merkle–Damgård, MD strengthening, Random oracle, SFPF

Acknowledgments

We would like to thank anonymous reviewers for their valuable comments on the paper. We also thank Colin Boyd and Choudary Gorantla for their comments on an earlier version of this paper and Shoichi Hirose for his discussions on this topic.

References

  1. Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: the cascade construction and its concrete security. In: Proceedings of the 37th Annual IEEE Symposium on Foundations of Computer Science, FOCS '96, pp. 514–523. IEEE Computer Society Press (1996)
  2. Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Proceedings of ASIACRYPT 2006, vol. 4284 of Lecture Notes in Computer Science, pp. 299–314. Springer (2006)
  3. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of CCS '93, pp. 62–73. ACM Press (1993)
  4. Chang, D., Lee, S., Nandi, M., Yung, M.: Indifferentiable security analysis of popular hash functions with prefix-free padding. In: Proceedings of ASIACRYPT 2006, vol. 4284 of Lecture Notes in Computer Science, pp. 283–298. Springer (2006)
  5. Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function. In: Proceedings of FSE 2008, vol. 5086 of Lecture Notes in Computer Science, pp. 429–443. Springer (2008)
  6. Chang, D., Sung, J., Hong, S., Lee, S.: Indifferentiable security analysis of choppfMD, chopMD, chopMDP, chopWPH, chopNI, chopEMD, chopCS, and chopESh hash domain extensions. Cryptology ePrint Archive, Report 2008/407 (2008)
  7. Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle–Damgård revisited: how to construct a hash function. In: Proceedings of CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science, pp. 430–448. Springer (2005)
  8. Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Proceedings of CRYPTO 2008, vol. 5157 of Lecture Notes in Computer Science, pp. 1–20. Springer (2008)
  9. Damgård, I.B.: A design principle for hash functions. In: Proceedings of CRYPTO 1989, vol. 435 of Lecture Notes in Computer Science, pp. 416–427. Springer (1989)
  10. Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: a strengthened version of RIPEMD. In: Proceedings of FSE 1996, vol. 1039 of Lecture Notes in Computer Science, pp. 71–82. Springer (1996)
  11. Gong, Z., Lai, X., Chen, K.: A synthetic indifferentiability analysis of some block-cipher-based hash functions. Des. Codes Cryptogr. 48(3), 293–305 (2008)
  12. Hirose, S., Park, J.H., Yun, A.: A simple variant of the Merkle–Damgård scheme with a permutation. In: Proceedings of ASIACRYPT 2007, vol. 4833 of Lecture Notes in Computer Science, pp. 113–129. Springer (2007)
  13. Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Proceedings of CRYPTO 2004, vol. 3152 of Lecture Notes in Computer Science, pp. 306–316. Springer (2004)
  14. Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: Proceedings of EUROCRYPT 2006, vol. 4004 of Lecture Notes in Computer Science, pp. 183–200. Springer (2006)
  15. Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than \(2^{n}\) work. In: Proceedings of EUROCRYPT 2005, vol. 3494 of Lecture Notes in Computer Science, pp. 474–490. Springer (2005)
  16. Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Proceedings of EUROCRYPT 1992, vol. 658 of Lecture Notes in Computer Science, pp. 53–66. Springer (1992)
  17. Lucks, S.: A failure-friendly design principle for hash functions. In: Proceedings of ASIACRYPT 2005, vol. 3788 of Lecture Notes in Computer Science, pp. 474–494. Springer (2005)
  18. Maurer, U.M., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Proceedings of TCC '04, vol. 2951 of Lecture Notes in Computer Science, pp. 21–39. Springer (2004)
  19. Merkle, R.C.: One way hash functions and DES. In: Proceedings of CRYPTO 1989, vol. 435 of Lecture Notes in Computer Science, pp. 428–446. Springer (1989)
  20. National Institute of Standards and Technology: FIPS PUB 180-2, Secure Hash Standard, Aug 2002
  21. Preneel, B.: Analysis and design of cryptographic hash functions. Ph.D. thesis, Katholieke Universiteit Leuven, Leuven, Belgium, Jan 1993

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  • Nasour Bagheri (1)
  • Praveen Gauravaram (2)
  • Lars R. Knudsen (3)
  • Erik Zenner (4)
  1. Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran
  2. Tata Consultancy Services Innovation Labs, Tata Consultancy Services Limited, Hyderabad, India
  3. Department of Mathematics, Technical University of Denmark, Kongens Lyngby, Denmark
  4. University of Applied Sciences Offenburg, Offenburg, Germany