Paper 2010/222
Some Observations on Indifferentiability
Ewan Fleischmann, Michael Gorski, and Stefan Lucks
Abstract
At Crypto 2005, Coron et al. introduced a formalism to study the presence or absence of structural flaws in iterated hash functions: If one cannot differentiate a hash function using ideal primitives from a random oracle, it is considered structurally sound, while the ability to differentiate it from a random oracle indicates a structural weakness. This model was devised as a tool to see subtle real world weaknesses while in the random oracle world. In this paper we take in a practical point of view. We show, using well known examples like NMAC and the Mix-Compress-Mix (MCM) construction, how we can prove a hash construction secure and insecure at the same time in the indifferentiability setting. These constructions do not differ in their implementation but only on an abstract level. Naturally, this gives rise to the question what to conclude for the implemented hash function. Our results cast doubts about the notion of “indifferentiability from a random oracle” to be a mandatory, practically relevant criterion (as e.g., proposed by Knudsen [16] for the SHA-3 competition) to separate good hash structures from bad ones.
Metadata
- Available format(s)
- PDF PS
- Category
- Foundations
- Publication info
- Published elsewhere. an extended abstract will appear in the ACISP 2010 proceedings, this is the full version
- Contact author(s)
- ewan fleischmann @ uni-weimar de
- History
- 2010-04-28: received
- Short URL
- https://ia.cr/2010/222
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2010/222, author = {Ewan Fleischmann and Michael Gorski and Stefan Lucks}, title = {Some Observations on Indifferentiability}, howpublished = {Cryptology {ePrint} Archive, Paper 2010/222}, year = {2010}, url = {https://eprint.iacr.org/2010/222} }