Skip to main content

Hash Functions from Defective Ideal Ciphers

  • Conference paper
  • First Online:
Topics in Cryptology –- CT-RSA 2015 (CT-RSA 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9048))

Included in the following conference series:

Abstract

Cryptographic constructions are often designed and analyzed in idealized frameworks such as the random-oracle or ideal-cipher models. When the underlying primitives are instantiated in the real world, however, they may be far from ideal. Constructions should therefore be robust to known or potential defects in the lower-level primitives.

With this in mind, we study the construction of collision-resistant hash functions from “defective” ideal ciphers. We introduce a model for ideal ciphers that are vulnerable to differential related-key attacks, and explore the security of the classical PGV constructions from such weakened ciphers. We find that although none of the PGV compression functions are collision-resistant in our model, it is possible to prove collision resistance up to the birthday bound for iterated (Merkle-Damgård) versions of four of the PGV constructions. These four resulting hash functions are also optimally preimage-resistant.

Research supported in part by NSF award #1223623.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Baecher, P., Farshim, P., Fischlin, M., Stam, M.: Ideal-cipher (ir)reducibility for blockcipher-based hash functions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 426–443. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  2. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: 1st ACM Conf. on Computer and Communications Security, pp. 62–73. ACM Press (1993)

    Google Scholar 

  3. Biham, Eli: New types of cryptanalytic attacks using related keys. In: Helleseth, Tor (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  4. Biham, E., Dunkelman, O., Keller, N.: A related-key rectangle attack on the Full KASUMI. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 443–461. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Biham, E., Dunkelman, O., Keller, N.: A simple related-key attack on the Full SHACAL-1. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 20–30. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the Full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Black, J.A.: The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 328–340. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Black, J.A., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 320. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  10. Black, J., Rogaway, P., Shrimpton, T., Stam, M.: An analysis of the blockcipher-based hash functions from PGV. Journal of Cryptology 23(4), 519–545 (2010)

    Article  MATH  MathSciNet  Google Scholar 

  11. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)

    Article  MATH  MathSciNet  Google Scholar 

  12. Dunkelman, O., Keller, N., Kim, J.-S.: Related-key rectangle attack on the Full SHACAL-1. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 28–44. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Dunkelman, O., Keller, N., Shamir, A.: A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 393–410. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. Journal of Cryptology 10(3), 151–162 (1997)

    Article  MATH  MathSciNet  Google Scholar 

  15. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)

    Article  MathSciNet  Google Scholar 

  16. Hirose, S.: Secure block ciphers are not sufficient for one-way hash functions in the Preneel-Govaerts-Vandewalle model. In: Nyberg, K., Heys, H.M. (eds.) Selected Areas in Cryptography. LNCS, vol. 2595, pp. 339–352. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  17. Hirose, S., Kuwakado, H.: Collision resistance of hash functions in a weak ideal cipher model. IEICE Trans. on Fundamentals E95–A(1), 252–255 (2012)

    Article  Google Scholar 

  18. Kawachi, A., Numayama, A., Tanaka, K., Xagawa, K.: Security of encryption schemes in weakened random oracle models. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 403–419. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  19. Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)

    Google Scholar 

  20. Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  21. Knudsen, L.R.: Cryptanalysis of LOKI91. In: Zheng, Yuliang, Seberry, Jennifer (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196–208. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  22. Knudsen, L.R., Kohno, T.: Analysis of RMAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 182–191. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. Leurent, G., Nguyen, P.Q.: How risky is the random-oracle model? In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 445–464. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  24. Liskov, M.: Constructing an ideal hash function from weak ideal compression functions. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 358–375. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  25. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing 17(2), 373–386 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  26. Lucks, S.: A failure-friendly design principle for hash functions. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  27. Numayama, A., Isshiki, T., Tanaka, K.: Security of digital signature schemes in weakened random oracle models. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 268–287. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  28. Phan, R.C.-W.: Related-key attacks on triple-DES and DESX variants. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 15–24. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  29. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  30. Shannon, C.E.: Communication theory of secrecy systems. Bell Systems Technical Journal 28(4), 656–715 (1949)

    Article  MATH  MathSciNet  Google Scholar 

  31. Simon, D.R.: Findings collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  32. Stam, M.: Blockcipher-based hashing revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  33. Zhang, L., Wu, W., Wang, P., Zhang, L., Wu, S., Liang, B.: Constructing rate-1 MACs from related-key unpredictable block ciphers: PGV model revisited. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 250–269. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Aishwarya Thiruvengadam .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Katz, J., Lucks, S., Thiruvengadam, A. (2015). Hash Functions from Defective Ideal Ciphers. In: Nyberg, K. (eds) Topics in Cryptology –- CT-RSA 2015. CT-RSA 2015. Lecture Notes in Computer Science(), vol 9048. Springer, Cham. https://doi.org/10.1007/978-3-319-16715-2_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-16715-2_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16714-5

  • Online ISBN: 978-3-319-16715-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics