## Cryptology ePrint Archive: Report 2021/1469

New Indifferentiability Security Proof of MDPH Hash Function

Chun Guo and Tetsu Iwata and Kazuhiko Minematsu

Abstract: MDPH is a double-block-length hash function proposed by Naito at Latincrypt 2019.This is a combination of Hirose's compression function and the domain extender called Merkle-Damg\r{a}rd with permutation (MDP). When instantiated with an $n$-bit block cipher, Naito proved that this achieves the (nearly) optimal indifferentiable security bound of $O(n-\log n)$-bit security. In this paper, we first point out that the proof of the claim contains a gap, which is related to the definition of the simulator in simulating the decryption of the block cipher. We then show that the proof can be fixed. We introduce a new simulator that addresses the issue, showing that MDPH retains its (nearly) optimal indifferentiable security bound of $O(n-\log n)$-bit security.

Category / Keywords: secret-key cryptography / Hash function, MDPH, Indifferentiability