Paper 2007/416

Compression Function Design Principles Supporting Variable Output Lengths from a Single Small Function

Donghoon Chang, Mridul Nandi, Jesang Lee, Jaechul Sung, and Seokhie Hong

Abstract

In this paper, we introduce new compression function design principles supporting variable output lengths (multiples of size $n$). They are based on a function or block cipher with an $n$-bit output size. In the case of the compression function with a $(t+1)n$-bit output size, in the random oracle and ideal cipher models, their maximum advantages from the perspective of collision resistance are $O(\frac{t^2q}{2^{tn}}+\frac{q^2}{2^{(t+1)n}})$. In the case of $t=1$, the advantage is near-optimal. In the case of $t>1$, the advantage is optimal.

Metadata
Available format(s)
PDF PS
Publication info
Published elsewhere. Unknown where it was published
Keywords
Hash functionRandom oracleIdeal cipher model.
Contact author(s)
pointchang @ gmail com
History
2008-06-18: revised
2007-11-06: received
See all versions
Short URL
https://ia.cr/2007/416
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/416,
      author = {Donghoon Chang and Mridul Nandi and Jesang Lee and Jaechul Sung and Seokhie Hong},
      title = {Compression Function Design Principles Supporting Variable Output Lengths from a Single Small Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/416},
      year = {2007},
      url = {https://eprint.iacr.org/2007/416}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.