Paper 2010/566

Blockcipher-based Double-length Hash Functions for Pseudorandom Oracles

Yusuke Naito


The notion of PRO (pseudorandom oracle) is an important security notion of hash functions because a PRO hash function inherits all properties of a random oracle up to the PRO bound (e.g., security against generic attacks, collision resistant security, preimage resistant security and so on). In this paper, we propose a new block cipher-based double-length hash function for PROs. Our hash function uses a single block cipher, which encrypts an $n$-bit string using a $2n$-bit key, and maps an input of arbitrary length to a $2n$-bit output. Since many block ciphers supports a $2n$-bit key (e.g. AES supports a $256$-bit key), the assumption to use the $2n$-bit key length block cipher is acceptable. We prove that our hash function is PRO up to $\order(2^n)$ query complexity as long as the block cipher is an ideal cipher. To our knowledge, this is the first time double-length hash function based on a single (practical size) block cipher with the birthday type PRO security.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
tolucky tigers @ gmail com
2011-05-11: last of 8 revisions
2010-11-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yusuke Naito},
      title = {Blockcipher-based Double-length Hash Functions for Pseudorandom Oracles},
      howpublished = {Cryptology ePrint Archive, Paper 2010/566},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.