Advertisement

On the Impossibility of Efficiently Combining Collision Resistant Hash Functions

  • Dan Boneh
  • Xavier Boyen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4117)

Abstract

Let H 1,H 2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H 1 or H 2 is collision resistant. Concatenating the output of H 1 and H 2 clearly works, but at the cost of doubling the hash output size. We ask whether a better construction exists, namely, can we hedge our bets without doubling the size of the output? We take a step towards answering this question in the negative — we show that any secure construction that evaluates each hash function once cannot output fewer bits than simply concatenating the given functions.

Keywords

Hash Function Block Cipher Random Oracle Compression Function Impossibility Result 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Asmuth, C., Blakely, G.R.: An efficient algorithm for constructing a cryptosystem which is harder to break than two other cryptosystems. Computers and Mathematics with Applications 7, 447–450 (1981)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Paulo, S.L., Barreto, M., Rijmen, V.: The Whirlpool hashing function. In: First open NESSIE Workshop, Leuven, Belgium (November 2000)Google Scholar
  3. 3.
    Black, J.A., Cochran, M., Shrimpton, T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 526–541. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Black, J.A., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 320. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  7. 7.
    Dodis, Y., Katz, J.: Chosen-ciphertext security of multiple encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 188–209. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A.: On robust combiners for oblivious transfer and other primitives. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 96–113. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Herzberg, A.: Tolerant combiners: Resilient cryptographic design. Cryptology ePrint Archive, Report,2002/135 (2002), http://eprint.iacr.org/
  10. 10.
    Hoch, J.J., Shamir, A.: Breaking the ICE - finding multicollisions in iterated concatenated and expanded (ICE) hash functions. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 179–194. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Wang, X., Yu, H., Yin, Y.L.: Can we get a reduction proof for truncated hashes? In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  14. 14.
    Lucks, S.: Design principles for iterated hash functions. Cryptology ePrint Archive, Report, 2004/253 (2004), http://eprint.iacr.org/
  15. 15.
    Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
  16. 16.
    Nandi, M., Stinson, D.R.: Multicollision attacks on some generalized sequential hash functions. Cryptology ePrint Archive, Report 2006/055 (2006)Google Scholar
  17. 17.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of STOC 1989, pp. 33–43 (1989)Google Scholar
  18. 18.
    NIST. Secure hash standard. Federal Information Processing Standards (FIPS) Publication 180-2 (2002)Google Scholar
  19. 19.
    Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, Springer, Heidelberg (1994)Google Scholar
  20. 20.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Wang, X., Yao, A., Yao, F.: New collision search for SHA-1. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)Google Scholar
  23. 23.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dan Boneh
    • 1
  • Xavier Boyen
    • 2
  1. 1.Computer Science Dept.Stanford University 
  2. 2.Voltage Inc.Palo Alto

Personalised recommendations