Cryptology ePrint Archive: Report 2010/566

Blockcipher-based Double-length Hash Functions for Pseudorandom Oracles

Yusuke Naito

Abstract: The notion of PRO (pseudorandom oracle) is an important security notion of hash functions because a PRO hash function inherits all properties of a random oracle up to the PRO bound (e.g., security against generic attacks, collision resistant security, preimage resistant security and so on). In this paper, we propose a new block cipher-based double-length hash function for PROs. Our hash function uses a single block cipher, which encrypts an $n$-bit string using a $2n$-bit key, and maps an input of arbitrary length to a $2n$-bit output. Since many block ciphers supports a $2n$-bit key (e.g. AES supports a $256$-bit key), the assumption to use the $2n$-bit key length block cipher is acceptable. We prove that our hash function is PRO up to $\order(2^n)$ query complexity as long as the block cipher is an ideal cipher. To our knowledge, this is the first time double-length hash function based on a single (practical size) block cipher with the birthday type PRO security.

Category / Keywords: secret-key cryptography /

Date: received 7 Nov 2010, last revised 10 May 2011

Contact author: tolucky tigers at gmail com

Available formats: PDF | BibTeX Citation

Version: 20110511:021845 (All versions of this report)

Discussion forum: Show discussion | Start new discussion