Security-Amplifying Combiners for Collision-Resistant Hash Functions

  • Marc Fischlin
  • Anja Lehmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4622)

Abstract

The classical combiner \(\mathsf{Comb}_{\text{class}}^{H_0,H_1}(M)=H_0(M)\,||\,H_1(M)\) for hash functions \(H_0, H_1\) provides collision-resistance as long as at least one of the two underlying hash functions is secure. This statement is complemented by the multi-collision attack of Joux (Crypto 2004) for iterated hash functions \(H_0, H_1\) with \(n\)-bit outputs. He shows that one can break the classical combiner in \(\frac{n}{2}\cdot T_0 + T_1\) steps if one can find collisions for \(H_0\) and \(H_1\) in time \(T_0\) and \(T_1\), respectively. Here we address the question of whether there are security-amplifying combiners where the security of the building blocks increases the security of the combined hash function, thus beating the bound of Joux. We discuss that one can indeed have such combiners and, somewhat surprisingly in light of results of Nandi and Stinson (ePrint 2004) and of Hoch and Shamir (FSE 2006), our solution is essentially as efficient as the classical combiner.
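
The bound of Joux mentioned above can be seen on a toy scale in the following added example, which is not code from the paper: it chains single-block collisions of an iterated \(H_0\) and stops once two of the resulting messages also collide under \(H_1\), so the classical combiner collides. The 16-bit truncated SHA-256 compression function, the omitted length padding, and the names `compress`, `iterated_hash`, `comb_class`, `block_collision` and `joux_collision` are assumptions made for the illustration.

```python
import hashlib
from itertools import count

N_BYTES = 2  # assumed toy output size n = 16 bits (birthday search ~ 2^8 work)

def compress(tag: bytes, state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256, domain-separated by tag."""
    return hashlib.sha256(tag + state + block).digest()[:N_BYTES]

def iterated_hash(tag: bytes, blocks) -> bytes:
    """Merkle-Damgard style iteration (length padding omitted in this toy)."""
    state = bytes(N_BYTES)
    for block in blocks:
        state = compress(tag, state, block)
    return state

def comb_class(blocks) -> bytes:
    """Classical combiner: H0(M) || H1(M)."""
    return iterated_hash(b"H0", blocks) + iterated_hash(b"H1", blocks)

def block_collision(tag: bytes, state: bytes):
    """Birthday search for two distinct blocks colliding from `state` (cost T0)."""
    seen = {}
    for i in count():
        block = i.to_bytes(4, "big")
        out = compress(tag, state, block)
        if out in seen:
            return seen[out], block, out
        seen[out] = block

def joux_collision():
    """Chain H0 block collisions until two chained messages also collide in H1."""
    h0_state = bytes(N_BYTES)
    h1_states = {bytes(N_BYTES): ()}  # H1 state -> one message prefix reaching it
    for step in count(1):
        # Each step costs one H0 collision and doubles the H0 multi-collision set.
        b, b2, h0_state = block_collision(b"H0", h0_state)
        nxt = {}
        for h1, prefix in h1_states.items():
            for blk in (b, b2):
                out = compress(b"H1", h1, blk)
                if out in nxt:  # equal H0 state by construction, equal H1 state
                    return list(nxt[out]), list(prefix + (blk,)), step
                nxt[out] = prefix + (blk,)
        h1_states = nxt  # 2^step distinct messages, all colliding under H0

if __name__ == "__main__":
    m1, m2, steps = joux_collision()
    print(steps, comb_class(m1).hex(), comb_class(m2).hex())
```

The search needs roughly \(n/2\) collision searches in \(H_0\) rather than a birthday search on the full \(2n\)-bit combiner output, which is the gap a security-amplifying combiner is meant to close.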

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Marc Fischlin (1)
  • Anja Lehmann (1)
  1. Darmstadt University of Technology, Germany