Expedient Non-malleability Notions for Hash Functions
Non-malleability of a cryptographic primitive is a fundamental security property which ensures some sort of independence of cryptographic values. The notion has been extensively studied for commitments, encryption and zero-knowledge proofs, but it was not until recently that the notion—and its peculiarities—have been considered for hash functions by Boldyreva et al. (Asiacrypt 2009). They give a simulation-based definition, basically saying that for any adversary mauling hash values into related ones there is a simulator which is as successful in producing such hash values, even when not seeing the original hash values. Their notion, although following previous approaches to nonmalleability, is nonetheless quite unwieldy; it is hard to achieve and, due to the existential quantification over the simulator, hard to falsify. We also note that finding an equivalent indistinguishability-based notion is still open.
Here we take a different, more handy approach to non-malleability of hash functions. Our definition avoids simulators completely and rather asks the adversary to maul the hash value and to also specify a transformation φ of the pre-image, taken from a fixed class Φ of admissible transformations. These transformations are usually determined by group operations and include such cases such as exclusive-ors (i.e., bit flips) and modular additions. We then simply demand that the probability of succeeding is negligible, as long as the original pre-image carries enough entropy. We continue to show that our notion is useful by proving that, for example, the strengthened Merkle-Damgård transformation meets our notion for the case of bit flips, assuming an ideal compression function. We also improve over the security result by Boldyreva et al., showing that our notion of non-malleability suffices for the security of the Bellare-Rogaway encryption scheme.
KeywordsHash function Non-malleability
Unable to display preview. Download preview PDF.
- 2.Barak, B.: Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In: 43rd FOCS, November 16-19, pp. 345–355. IEEE Computer Society Press, Vancouver (2002)Google Scholar
- 6.Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS 1993, November 3-5, pp. 62–73. ACM Press, Fairfax (1993)Google Scholar
- 15.Damgård, I., Groth, J.: Non-interactive and reusable non-malleable commitment schemes. In: 35th ACM STOC, June 9-11, pp. 426–437. ACM Press, San Diego (2003)Google Scholar
- 17.Di Crescenzo, G., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: 30th ACM STOC, May 23-26, pp. 141–150. ACM Press, Dallas (1998)Google Scholar
- 19.Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The skein hash function family (2008)Google Scholar
- 23.Lin, H., Pass, R.: Non-malleability amplification. In: 41st ACM STOC, May 31-June 2, pp. 189–198. ACM Press, Bethesda (2009)Google Scholar
- 27.Matyas, S., Meyer, C., Oseas, J.: Generating strong one-way functions with cryptographic algorithms. IBM Technical Bulletin (1985)Google Scholar
- 30.Ostrovsky, R., Persiano, G., Visconti, I.: Constant-round concurrent non-malleable zero knowledge in the bare public-key model. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 548–559. Springer, Heidelberg (2008)CrossRefGoogle Scholar
- 32.Pass, R., Rosen, A.: Concurrent non-malleable commitments. In: 46th FOCS, October 23-25, pp. 563–572. IEEE Computer Society Press, Pittsburgh (2005)Google Scholar
- 33.Pass, R., Rosen, A.: New and improved constructions of non-malleable cryptographic protocols. In: 37th ACM STOC, May 22-24, pp. 533–542. ACM Press, Baltimore (2005)Google Scholar
- 35.Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th FOCS, October 17-19, pp. 543–553. IEEE Computer Society Press, New York (1999)Google Scholar