Cryptology ePrint Archive: Report 2004/035
Cryptographic Hash-Function Basics: Definitions, Implications and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance
Phillip Rogaway and Thomas Shrimpton
Abstract: We consider basic notions of security for cryptographic hash
functions: collision resistance, preimage resistance, and
second-preimage resistance. We give seven different definitions
that correspond to these three underlying ideas, and then we work out
all of the implications and separations among these seven definitions
within the concrete-security, provable-security framework. Because
our results are concrete, we can show two types of implications,
"conventional" and "provisional", where the strength of the latter depends on the amount of compression achieved by the hash function. We also distinguish two types of separations, "conditional" and "unconditional". When constructing counterexamples for our separations, we are careful to preserve specified hash-function domains and ranges; this rules out some pathological counterexamples and makes the separations more meaningful in practice.
Four of our definitions are standard while three appear to be new;
some of our relations and separations have appeared, others have not. Here we give a modern treatment that acts to catalog, in one place and with carefully-considered nomenclature, the most basic security notions for cryptographic hash functions.
Category / Keywords: foundations / collision resistance, cryptographic hash functions, preimage resistance, provable security, second-preimage resistance
Publication Info: Appeared at FSE'04
Date: received 10 Feb 2004, last revised 9 Aug 2009
Contact author: rogaway at cs ucdavis edu
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Note: Revised to correct the erroneous claim that everywhere preimage-resistance (ePre) implies preimage-resistance (Pre). Thanks to Elena Andreeva and Martijn Stam for pointing out the problem.
Version: 20090809:234115 (All versions of this report)
Short URL: ia.cr/2004/035
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]