Finding collisions on a one-way street: Can secure hash functions be based on general assumptions?

  • Daniel R. Simon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)


We prove the existence of an oracle relative to which there exist several well-known cryptographic primitives, including one-way permutations, but excluding (for a suitably strong definition) collision-intractable hash functions. Thus any proof that such functions can be derived from these weaker primitives is necessarily non-relativizing; in particular, no provable construction of a collision-intractable hash function can exist based solely on a “black box” one-way permutation. This result can be viewed as a partial justification for the common practice of treating the collision-intractable hash function as a cryptographic primitive, rather than attempting to derive it from a weaker primitive (such as a one-way permutation).

Key words

Hash functions oracle cryptography complexity theory 



Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Daniel R. Simon
    • Microsoft Research, One Microsoft Way, Redmond, USA
