Paper 2023/217

Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks

Charlotte Lefevre, Radboud University Nijmegen
Abstract

The sponge construction is a popular method for hashing. Quickly after its introduction, the sponge was proven to be tightly indifferentiable from a random oracle up to $ \approx 2^{c/2}$ queries, where $c$ is the capacity. However, this bound is not tight when the number of message blocks absorbed is restricted to $\ell <\lceil \frac{c}{2(b-c)}\rceil + 1$ (but still an arbitrary number of blocks can be squeezed). In this work, we show that this restriction leads to indifferentiability from a random oracle up to $\approx \min \left\{2^{b/2}, \max\left\{2^{c/2}, 2^{b- \ell \times (b-c)} \right\}\right\}$ queries, where $b>c$ is the permutation size. Depending on the parameters chosen, this result allows to have enhanced security or to absorb at a larger rate for applications that require a fixed-length input hash function.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2023
Keywords
spongelightweight cryptographyindifferentiability
Contact author(s)
charlotte lefevre @ ru nl
History
2023-02-20: approved
2023-02-17: received
See all versions
Short URL
https://ia.cr/2023/217
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/217,
      author = {Charlotte Lefevre},
      title = {Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/217},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/217}},
      url = {https://eprint.iacr.org/2023/217}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.