Cryptology ePrint Archive: Report 2016/723

Robust Multi-Property Combiners for Hash Functions

Marc Fischlin and Anja Lehmann and Krzysztof Pietrzak

Abstract: A robust combiner for hash functions takes two candidate implementations and constructs a hash function which is secure as long as at least one of the candidates is secure. So far, hash function combiners only aim at preserving a single property such as collision-resistance or pseudorandomness. However, when hash functions are used in protocols like TLS they are often required to provide several properties simultaneously.

We therefore put forward the notion of robust multi-property combiners and elaborate on different definitions for such combiners. We then propose a combiner that provably preserves (target) collision-resistance, pseudorandomness, and being a secure message authentication code. This combiner satisfies the strongest notion we propose, which requires that the combined function satisfies every security property which is satisfied by at least one of the underlying hash function. If the underlying hash functions have output length n, the combiner has output length 2n. This basically matches a known lower bound for black-box combiners for collision-resistance only, thus the other properties can be achieved without penalizing the length of the hash values. We then propose a combiner which also preserves the property of being indifferentiable from a random oracle, slightly increasing the output length to 2n + \omega(log n). Moreover, we show how to augment our constructions in order to make them also robust for the one-wayness property, but in this case require an a priory upper bound on the input length.

Category / Keywords: secret-key cryptography / hash functions, robust combiner, indifferentiability, PRF, MAC

Original Publication (in the same form): IACR-JOC-2014

Date: received 21 Jul 2016, last revised 21 Jul 2016

Contact author: anj at zurich ibm com

Available format(s): PDF | BibTeX Citation

Note: This paper appeared in Journal of Cryptology 27(3), 2014 and is the full version of the papers "Multi-Property Preserving Combiners for Hash Functions" (TCC 2008) and "Robust Multi-Property Combiners for Hash Functions Revisited" (ICALP 2008).

Version: 20160727:165346 (All versions of this report)

Short URL: ia.cr/2016/723

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]