Cryptology ePrint Archive: Report 2004/035

Cryptographic Hash-Function Basics: Definitions, Implications and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance

Phillip Rogaway and Thomas Shrimpton

Abstract: We consider basic notions of security for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance. We give seven different definitions that correspond to these three underlying ideas, and then we work out all of the implications and separations among these seven definitions within the concrete-security, provable-security framework. Because our results are concrete, we can show two types of implications, "conventional" and "provisional", where the strength of the latter depends on the amount of compression achieved by the hash function. We also distinguish two types of separations, "conditional" and "unconditional". When constructing counterexamples for our separations, we are careful to preserve specified hash-function domains and ranges; this rules out some pathological counterexamples and makes the separations more meaningful in practice.

Four of our definitions are standard while three appear to be new; some of our relations and separations have appeared, others have not. Here we give a modern treatment that acts to catalog, in one place and with carefully-considered nomenclature, the most basic security notions for cryptographic hash functions.

Category / Keywords: foundations / collision resistance, cryptographic hash functions, preimage resistance, provable security, second-preimage resistance

Publication Info: Appeared at FSE'04

Date: received 10 Feb 2004, last revised 9 Aug 2009

Contact author: rogaway at cs ucdavis edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Revised to correct the erroneous claim that everywhere preimage-resistance (ePre) implies preimage-resistance (Pre). Thanks to Elena Andreeva and Martijn Stam for pointing out the problem.

Version: 20090809:234115 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]