Cryptology ePrint Archive: Report 2021/1469

New Indifferentiability Security Proof of MDPH Hash Function

Chun Guo and Tetsu Iwata and Kazuhiko Minematsu

Abstract: MDPH is a double-block-length hash function proposed by Naito at Latincrypt 2019. This is a combination of Hirose's compression function and the domain extender called Merkle-Damgård with permutation (MDP). When instantiated with an $n$-bit block cipher, Naito proved that this achieves the (nearly) optimal indifferentiable security bound of $O(n-\log n)$-bit security. In this paper, we first point out that the proof of the claim contains a gap, which is related to the definition of the simulator in simulating the decryption of the block cipher. We then show that the proof can be fixed. We introduce a new simulator that addresses the issue, showing that MDPH retains its (nearly) optimal indifferentiable security bound of $O(n-\log n)$-bit security.

Category / Keywords: secret-key cryptography / Hash function, MDPH, Indifferentiability

Date: received 2 Nov 2021

Contact author: chun guo at sdu edu cn, tetsu iwata at nagoya-u jp, k-minematsu at nec com


Version: 20211106:155121 (All versions of this report)

Short URL: ia.cr/2021/1469

