Summary
|
For Full-Text PDF, please login, if you are a member of IEICE, or go to Pay Per View on menu list, if you are a nonmember of IEICE. |
|
Indifferentiability of Single-Block-Length and Rate-1 Compression Functions Hidenori KUWAKADO Masakatu MORII Publication IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences Vol.E90-A No.10 pp.2301-2308 Publication Date: 2007/10/01 Online ISSN: 1745-1337 DOI: 10.1093/ietfec/e90-a.10.2301 Print ISSN: 0916-8508 Type of Manuscript: PAPER Category: Information Security Keyword: cryptography, hash function, compression function, block cipher, Full Text: PDF(223.7KB)>>
Summary: The security notion of indifferentiability was proposed by Maurer, Renner, and Holenstein in 2004. In 2005, Coron, Dodis, Malinaud, and Puniya discussed the indifferentiability of hash functions. They have shown that the Merkle-Damgård construction is not secure in the sense of indifferentiability. In this paper, we analyze the security of single-block-length and rate-1 compression functions in the sense of indifferentiability. We formally show that all single-block-length and rate-1 compression functions, which include the Davies-Meyer compression function, are insecure. Furthermore, we show how to construct a secure single-block-length and rate-1 compression function in the sense of indifferentiability. This does not contradict our result above. | ||||||||||
| ||||||||||
