Another Glance at Double-Length Hashing

  • Onur Özen
  • Martijn Stam
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5921)


We propose a novel framework for blockcipher-based double-length hash functions by extending the recent generalization presented by Stam at FSE ’09 for single-call hash functions. We focus on compression functions compressing 3n bits to 2n bits that use one or two calls to a 2n-bit key, n-bit block blockcipher. In case of a single call, we concentrate on security in the iteration. In case of two calls, we restrict ourselves to two parallel calls (initially to distinct and independent blockciphers). We analyse the kind of pre- and postprocessing functions that are sufficient to obtain close to optimal collision resistance, either in the compression function or in the iteration. Our framework can be used to get a clearer understanding of a large class of double-length hash functions of this type.




  1. Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)
  2. Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y.: Hash functions and RFID tags: Mind the gap. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 283–299. Springer, Heidelberg (2008)
  3. Brachtl, B., Coppersmith, D., Hyden, M., Matyas Jr., S., Meyer, C., Oseas, J., Pilpel, S., Schilling, M.: Data authentication using modification detection codes based on a public one-way encryption function. U.S. Patent No 4,908,861 (March 1990)
  4. Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)
  5. Damgård, I.: A design principle for hash functions. In: Brassard (ed.) [4], pp. 416–427
  6. Dunkelman, O. (ed.): FSE 2009. LNCS, vol. 5665. Springer, Heidelberg (2009)
  7. Duo, L., Li, C.: Improved collision and preimage resistance bounds on PGV schemes. Technical Report 462, IACR’s ePrint Archive (2006)
  8. Fleischmann, E., Gorski, M., Lucks, S.: On the security of Tandem-DM. In: Dunkelman (ed.) [6] (to appear)
  9. Fleischmann, E., Gorski, M., Lucks, S.: Security of cyclic double block length hash functions including Abreast-DM. Technical Report 261, IACR’s ePrint Archive (2009)
  10. Hattori, M., Hirose, S., Yoshida, S.: Analysis of double block length hash functions. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 290–302. Springer, Heidelberg (2003)
  11. Hirose, S.: Provably secure double-block-length hash functions in a black-box model. In: Park, C., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 330–342. Springer, Heidelberg (2005)
  12. Hirose, S.: Some plausible constructions of double-length hash functions. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006)
  13. Hohl, W., Lai, X., Meier, T., Waldvogel, C.: Security of iterated hash functions based on block ciphers. In: Stinson (ed.) [29], pp. 379–390
  14. Knudsen, L., Lai, X., Preneel, B.: Attacks on fast double block length hash functions. Journal of Cryptology 11(1), 59–72 (1998)
  15. Knudsen, L.R., Mendel, F., Rechberger, C., Thomsen, S.S.: Cryptanalysis of MDC-2. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 106–120. Springer, Heidelberg (2009)
  16. Lai, X., Massey, J.L.: Hash function based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)
  17. Lee, J., Kwon, D.: The security of Abreast-DM in the ideal cipher model. Technical Report 225, IACR’s ePrint Archive (2009)
  18. Lucks, S.: A failure-friendly design principle for hash functions. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)
  19. Lucks, S.: A collision-resistant rate-1 double-block-length hash function. In: Biham, E., Handschuh, H., Lucks, S., Rijmen, V. (eds.) Symmetric Cryptography. Dagstuhl Seminar Proceedings, Dagstuhl, Germany, vol. 07021, Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl (2007)
  20. Merkle, R.C.: A certified digital signature. In: Brassard (ed.) [4], pp. 218–238
  21. Merkle, R.C.: One way hash functions and DES. In: Brassard (ed.) [4], pp. 428–446
  22. Nandi, M.: Towards optimal double-length hash functions. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 77–89. Springer, Heidelberg (2005)
  23. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson (ed.) [29], pp. 368–378
  24. Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: Definitions, implications and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)
  25. Rogaway, P., Steinberger, J.: Constructing cryptographic hash functions from fixed-key blockciphers. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 433–450. Springer, Heidelberg (2008)
  26. Satoh, T., Haga, M., Kurosawa, K.: Towards secure and fast hash functions. IEICE Transactions, Special Section on Cryptography and Information Security E82–A(1) (1999)
  27. Stam, M.: Block cipher based hashing revisited. In: Dunkelman (ed.) [6], pp. 67–83
  28. Steinberger, J.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007)
  29. Stinson, D.R. (ed.): CRYPTO 1993. LNCS, vol. 773. Springer, Heidelberg (1994)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Onur Özen (1)
  • Martijn Stam (1)
  1. LACAL, EPFL, Switzerland
