When based on $n$-bit key blockciphers, our construction, being of rate 1/2, provides better provable security than MDC-2, the only known construction of a rate-1/2 double-length hash function based on an $n$-bit key blockcipher with non-trivial provable security. Moreover, since key scheduling is performed only once per message block for MJH, our proposal significantly outperforms MDC-2 in efficiency.
When based on a $2n$-bit key blockcipher, we can use the extra $n$ bits of key to increase the amount of payload accordingly. Thus we get a rate-1 hash function that is much faster than existing proposals, such as Tandem-DM with comparable provable security. The proceedings version of this paper appeared in CT-RSA 2011.Category / Keywords: secret-key cryptography / hash function, blockcipher, provable security, collision resistance Original Publication (in the same form): DESIGNS, CODES AND CRYPTOGRAPHY