Designs, Codes and Cryptography, Volume 76, Issue 2, pp 179–205

MJH: a faster alternative to MDC-2



In this paper, we introduce a new class of double-block-length hash functions. Using the ideal cipher model, we prove that these hash functions, dubbed MJH, are asymptotically collision resistant up to \(O(2^{n(1-\epsilon )})\) query complexity for any \(\epsilon >0\) in the iteration, where \(n\) is the block size of the underlying blockcipher. When based on \(n\)-bit key blockciphers, our construction, being of rate 1/2, provides better provable security than MDC-2, the only known construction of a rate-1/2 double-length hash function based on an \(n\)-bit key blockcipher with non-trivial provable security. Moreover, since key scheduling is performed only once per message block for MJH, our proposal significantly outperforms MDC-2 in efficiency. When based on a \(2n\)-bit key blockcipher, we can use the extra \(n\) bits of key to increase the amount of payload accordingly. Thus we get a rate-1 hash function that is much faster than existing proposals, such as Tandem-DM with comparable provable security. This is the full version of Lee and Stam (A faster alternative to MDC-2, 2011).


Keywords: Hash function, Blockcipher, Provable security, Collision resistance

Mathematics Subject Classification



References

  1. Black J., Rogaway P., Shrimpton T.: Black-box analysis of the block-cipher-based hash-function construction from PGV. In: Yung M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–325. Springer, Heidelberg (2002).
  2. Black J., Cochran M., Shrimpton T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Cramer R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 526–541. Springer, Heidelberg (2005).
  3. Bogdanov A., Leander G., Paar C., Poschmann A., Robshaw M.J.B., Seurin Y.: Hash functions and RFID tags: mind the gap. In: Oswald E., Rohatgi P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 283–299. Springer, Heidelberg (2008).
  4. Bos J.W., Özen O., Stam M.: Efficient hashing using the AES instruction set. In: Preneel B., Takagi T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 507–522. Springer, Heidelberg (2011).
  5. Biryukov A., Khovratovich D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009).
  6. Brachtl B., Coppersmith D., Heyden M., Matyas S., Meyer C., Oseas J., Pilpel S., Schilling M.: Data authentication using modification detection codes based on a public one-way encryption function. US Patent #4,908,861, 13 Mar 1990.
  7. Damgård I.: A design principle for hash functions. In: Brassard G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990).
  8. Fleischmann E., Gorski M., Lucks S.: On the security of Tandem-DM. In: Dunkelman O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 85–105. Springer, Heidelberg (2009).
  9. Fleischmann E., Gorski M., Lucks S.: Security of cyclic double block length hash functions. In: Parker M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 153–175. Springer, Heidelberg (2009).
  10. Hattori M., Hirose S., Yoshida S.: Analysis of double block length hash functions. In: Paterson K.G. (ed.) IMA 2003. LNCS, vol. 2898, pp. 290–302. Springer, Heidelberg (2003).
  11. Hirose S.: Provably secure double-block-length hash functions in a black-box model. In: Park C., Chee S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 330–342. Springer, Heidelberg (2005).
  12. Hirose S.: A security analysis of double-block-length hash functions with the rate 1. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E89-A(10), 2575–2582 (2006).
  13. Hirose S.: Some plausible construction of double-block-length hash functions. In: Robshaw M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006).
  14. Knudsen L.R., Massey J.L., Preneel B.: Attacks on fast double block length hash functions. J. Cryptol. 11(1), 59–72 (1998).
  15. Knudsen L.R., Mendel F., Rechberger C., Thomsen S.S.: Cryptanalysis of MDC-2. In: Joux A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 106–120. Springer, Heidelberg (2009).
  16. Lai X., Massey J.L.: Hash function based on block ciphers. In: Rueppel R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993).
  17. Lee J., Hong D.: Collision resistance of the JH hash function. IEEE Trans. Inf. Theory 58(3), 1992–1995 (2012).
  18. Lee J., Kwon D.: The security of Abreast-DM in the ideal cipher model. IEICE Trans. 94-A(1), pp. 104–109 (2011).
  19. Lee J., Stam M.: A faster alternative to MDC-2. In: Kiayias A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 213–236. Springer, Heidelberg (2011).
  20. Lee J., Steinberger J.: Multi-property-preserving domain extension using polynomial-based modes of operation. In: Gilbert H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 573–596. Springer, Heidelberg (2010).
  21. Lee J., Stam M., Steinberger J.: The collision security of Tandem-DM in the ideal cipher model. In: Rogaway P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 561–577. Springer, Heidelberg (2011).
  22. Lucks S.: A collision-resistant rate-1 double-block-length hash function. In: Symmetric Cryptography, Dagstuhl Seminar Proceedings 07021 (2007).
  23. Merkle R.: One way hash functions and DES. In: Brassard G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990).
  24. Meyer C., Schilling M.: Chargement securise d’un programma avec code de detection de manipulation (1987).
  25. Özen O., Stam M.: Another glance at double-length hashing. In: Parker M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 176–201. Springer, Heidelberg (2009).
  26. Preneel B., Govaerts R., Vandewalle J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994).
  27. Ristenpart T., Shrimpton T.: How to build a hash function from any collision-resistant function. In: Kurosawa K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 147–163. Springer, Heidelberg (2007).
  28. Rogaway P., Steinberger J.: Constructing cryptographic hash functions from fixed-key blockciphers. In: Wagner D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 433–450. Springer, Heidelberg (2008).
  29. Rogaway P., Steinberger J.: Security/efficiency tradeoffs for permutation-based hashing. In: Smart N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 220–236. Springer, Heidelberg (2008).
  30. Shrimpton T., Stam M.: Building a collision-resistant function from non-compressing primitives. In: Aceto L., Damgård I., Goldberg L.A., Halldórsson M.M., Ingolfsdottir A., Walukiewicz I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 643–654. Springer, Heidelberg (2008).
  31. Stam M.: Beyond uniformity: security/efficiency tradeoffs for compression functions. In: Wagner D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 397–412. Springer, Heidelberg (2008).
  32. Stam M.: Blockcipher based hashing revisited. In: Dunkelman O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009).
  33. Steinberger J.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2008).
  34. Wu H.: The hash function JH. Submission to NIST (2008).

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. Sejong University, Seoul, Korea
  2. University of Bristol, Bristol, UK
