
Decisional Second-Preimage Resistance: When Does SPR Imply PRE?

  • Daniel J. Bernstein
  • Andreas Hülsing
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11923)

Abstract

There is a well-known gap between second-preimage resistance and preimage resistance for length-preserving hash functions. This paper introduces a simple concept that fills this gap. One consequence of this concept is that tight reductions can remove interactivity for multi-target length-preserving preimage problems, such as the problems that appear in analyzing hash-based signature systems. Previous reduction techniques applied to only a negligible fraction of all length-preserving hash functions, presumably excluding all off-the-shelf hash functions.

Keywords

  • Cryptographic hash functions
  • Preimage resistance
  • Second-preimage resistance
  • Provable security
  • Tight reductions
  • Multi-target attacks
  • Hash-based signatures


Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. Department of Computer Science, University of Illinois at Chicago, Chicago, USA
  2. Horst Görtz Institute for IT Security, Ruhr University Bochum, Bochum, Germany
  3. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands
