Cryptology ePrint Archive: Report 2007/271

Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms

Mihir Bellare and Thomas Ristenpart

Abstract: In the dedicated-key setting, one starts with a compression function f:{0,1}^k x {0,1}^{n+d} -> {0,1}^n and builds a family of hash functions H^f:K x M -> {0,1}^n indexed by a key space K. This is different from the more traditional design approach used to build hash functions such as MD5 or SHA-1, in which compression functions and hash functions do not have dedicated key inputs. We explore the benefits and drawbacks of building hash functions in the dedicated-key setting (as compared to the more traditional approach), highlighting several unique features of the former. Should one choose to build hash functions in the dedicated-key setting, we suggest utilizing multi-property-preserving (MPP) domain extension transforms. We analyze seven existing dedicated-key transforms with regard to the MPP goal and propose two simple new MPP transforms.

Category / Keywords: hash functions, dedicated keys, multi-property-preserving transforms

Publication Info: A preliminary version appears in ICALP 2007

Date: received 12 Jul 2007, last revised 18 Oct 2007

Contact author: tristenp at cs ucsd edu

Available format(s): PDF | BibTeX Citation

Note: New update (October 2007) includes updates to Theorem 5.7 and Lemma 5.8 reflecting an update to "Multi-Property-Preserving Hash Domain Extension and the EMD Transform", ePrint 2006/399. Previously: There was an error in the Enveloped Shoup construction in the proceedings version, this version includes the correction.

Version: 20071018:212446 (All versions of this report)

Short URL: ia.cr/2007/271

Discussion forum: Show discussion | Start new discussion