Paper 2007/271
Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms
Mihir Bellare and Thomas Ristenpart
Abstract
In the dedicated-key setting, one starts with a compression function f:{0,1}^k x {0,1}^{n+d} -> {0,1}^n and builds a family of hash functions H^f:K x M -> {0,1}^n indexed by a key space K. This is different from the more traditional design approach used to build hash functions such as MD5 or SHA-1, in which compression functions and hash functions do not have dedicated key inputs. We explore the benefits and drawbacks of building hash functions in the dedicated-key setting (as compared to the more traditional approach), highlighting several unique features of the former. Should one choose to build hash functions in the dedicated-key setting, we suggest utilizing multi-property-preserving (MPP) domain extension transforms. We analyze seven existing dedicated-key transforms with regard to the MPP goal and propose two simple new MPP transforms.
Note: New update (October 2007) includes updates to Theorem 5.7 and Lemma 5.8 reflecting an update to "Multi-Property-Preserving Hash Domain Extension and the EMD Transform", ePrint 2006/399. Previously: There was an error in the Enveloped Shoup construction in the proceedings version, this version includes the correction.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. A preliminary version appears in ICALP 2007
- Keywords
- hash functionsdedicated keysmulti-property-preserving transforms
- Contact author(s)
- tristenp @ cs ucsd edu
- History
- 2007-10-18: revised
- 2007-07-16: received
- See all versions
- Short URL
- https://ia.cr/2007/271
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/271,
author = {Mihir Bellare and Thomas Ristenpart},
title = {Hash Functions in the Dedicated-Key Setting: Design Choices and {MPP} Transforms},
howpublished = {Cryptology {ePrint} Archive, Paper 2007/271},
year = {2007},
url = {https://eprint.iacr.org/2007/271}
}
