Paper 2019/492

Decisional second-preimage resistance: When does SPR imply PRE?

Daniel J. Bernstein and Andreas Hülsing

Abstract

There is a well-known gap between second-preimage resistance and preimage resistance for length-preserving hash functions. This paper introduces a simple concept that fills this gap. One consequence of this concept is that tight reductions can remove interactivity for multi-target length-preserving preimage problems, such as the problems that appear in analyzing hash-based signature systems. Previous reduction techniques applied to only a negligible fraction of all length-preserving hash functions, presumably excluding all off-the-shelf hash functions.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in ASIACRYPT 2019
Keywords
cryptographic hash functionspreimage resistancesecond-preimage resistanceprovable securitytight reductionsmulti-target attackshash-based signatures
Contact author(s)
authorcontact-dspr @ box cr yp to
History
2019-09-23: revised
2019-05-20: received
See all versions
Short URL
https://ia.cr/2019/492
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/492,
      author = {Daniel J.  Bernstein and Andreas Hülsing},
      title = {Decisional second-preimage resistance: When does {SPR} imply {PRE}?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/492},
      year = {2019},
      url = {https://eprint.iacr.org/2019/492}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.