Paper 2007/465

A Synthetic Indifferentiability Analysis of Some Block-Cipher-Based Hash Functions

Zheng Gong, Xuejia Lai, and Kefei Chen

Abstract

At ASIACRYPT 2006, Chang et al. analyzed the indifferentiability of some popular hash functions based on block ciphers, namely the twenty collision-resistant PGV hash functions, MDC-2, the PBGV hash function, etc. In particular, two indifferentiability attacks were presented on four of the twenty collision-resistant PGV hash functions and on the PBGV hash function with prefix-free padding. In this article, a synthetic indifferentiability analysis of some block-cipher-based hash functions is considered. First, a more precise definition is proposed for the indifferentiability adversary against block-cipher-based hash functions. Next, the indifferentiability advantage is analyzed separately according to whether the hash function is keyed or not. Finally, a limitation is observed in Chang et al.'s indifferentiability attacks on the four PGV and the PBGV hash functions. The formal proofs show that those hash functions are indifferentiable from a random oracle in the ideal cipher model under prefix-free padding, the NMAC/HMAC construction and the chop construction.

Note: A mistake in the indifferentiability simulation of PGV and PBGV is fixed.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. The paper has been published on Designs, Codes & Cryptography, Springer. 48:3 September 2008
Keywords
Block-cipher-based hash function, Indifferentiability, Random oracle
Contact author(s)
cis gong @ gmail com
History
2009-08-12: last of 5 revisions
2007-12-18: received
Short URL
https://ia.cr/2007/465
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/465,
      author = {Zheng Gong and Xuejia Lai and Kefei Chen},
      title = {A Synthetic Indifferentiability Analysis of Some Block-Cipher-Based Hash Functions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/465},
      year = {2007},
      url = {https://eprint.iacr.org/2007/465}
}