Compression Function Design Principles Supporting Variable Output Lengths from a Single Small Function

Donghoon Chang; Mridul Nandi; Jesang Lee; Jaechul Sung; Seokhie Hong

Paper 2007/416

Compression Function Design Principles Supporting Variable Output Lengths from a Single Small Function

Donghoon Chang, Mridul Nandi, Jesang Lee, Jaechul Sung, and Seokhie Hong

Abstract

In this paper, we introduce new compression function design principles supporting variable output lengths (multiples of size $n$). They are based on a function or block cipher with an $n$-bit output size. In the case of the compression function with a $(t+1)n$-bit output size, in the random oracle and ideal cipher models, their maximum advantages from the perspective of collision resistance are $O(\frac{t^2q}{2^{tn}}+\frac{q^2}{2^{(t+1)n}})$. In the case of $t=1$, the advantage is near-optimal. In the case of $t>1$, the advantage is optimal.

Metadata

Available format(s): PDF PS
Publication info: Published elsewhere. Unknown where it was published
Keywords: Hash function Random oracle Ideal cipher model.
Contact author(s): pointchang @ gmail com
History: 2008-06-18: revised; 2007-11-06: received; See all versions
Short URL: https://ia.cr/2007/416
License: CC BY

BibTeX

@misc{cryptoeprint:2007/416,
      author = {Donghoon Chang and Mridul Nandi and Jesang Lee and Jaechul Sung and Seokhie Hong},
      title = {Compression Function Design Principles Supporting Variable Output Lengths from a Single Small Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/416},
      year = {2007},
      url = {https://eprint.iacr.org/2007/416}
}