Paper 2010/222

Some Observations on Indifferentiability

Ewan Fleischmann, Michael Gorski, and Stefan Lucks

Abstract

At Crypto 2005, Coron et al. introduced a formalism to study the presence or absence of structural flaws in iterated hash functions: If one cannot differentiate a hash function using ideal primitives from a random oracle, it is considered structurally sound, while the ability to differentiate it from a random oracle indicates a structural weakness. This model was devised as a tool to see subtle real-world weaknesses while in the random oracle world. In this paper we take a practical point of view. We show, using well-known examples like NMAC and the Mix-Compress-Mix (MCM) construction, how we can prove a hash construction secure and insecure at the same time in the indifferentiability setting. These constructions do not differ in their implementation but only on an abstract level. Naturally, this gives rise to the question of what to conclude for the implemented hash function. Our results cast doubt on the notion of “indifferentiability from a random oracle” as a mandatory, practically relevant criterion (as e.g., proposed by Knudsen [16] for the SHA-3 competition) to separate good hash structures from bad ones.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. An extended abstract will appear in the ACISP 2010 proceedings; this is the full version.
Contact author(s)
ewan fleischmann @ uni-weimar de
History
2010-04-28: received
Short URL
https://ia.cr/2010/222
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/222,
      author = {Ewan Fleischmann and Michael Gorski and Stefan Lucks},
      title = {Some Observations on Indifferentiability},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/222},
      year = {2010},
      url = {https://eprint.iacr.org/2010/222}
}