The Collision Intractability of MDC-2 in the Ideal-Cipher Model

  • John P. Steinberger
Conference paper

DOI: 10.1007/978-3-540-72540-4_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4515)
Cite this paper as:
Steinberger J.P. (2007) The Collision Intractability of MDC-2 in the Ideal-Cipher Model. In: Naor M. (eds) Advances in Cryptology - EUROCRYPT 2007. EUROCRYPT 2007. Lecture Notes in Computer Science, vol 4515. Springer, Berlin, Heidelberg


We provide the first proof of security for MDC-2, the most well-known construction for turning an n-bit blockcipher into a 2n-bit cryptographic hash function. Our result, which is in the ideal-cipher model, shows that MDC-2, when built from a blockcipher having blocklength and keylength n, has security much better than that delivered by any hash function that has an n-bit output. When the blocklength and keylength are n = 128 bits, as with MDC-2 based on AES-128, an adversary that asks fewer than 274.9 queries usually cannot find a collision.


Collision-resistant hashing cryptographic hash functions ideal-cipher model MDC-2 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • John P. Steinberger
    • 1
  1. 1.Dept. of MathematicsUniversity of CaliforniaDavisUSA

Personalised recommendations