Indifferentiability of permutation-based compression functions and tree-based modes of operation, with applications to MD6

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5665 LNCS, Issue , 2009, Pages 104-121

  Dodis, Yevgeniy ^a   Reyzin, Leonid ^b   Rivest, Ronald L ^c   Shen, Emily ^c  

^a NEW YORK UNIVERSITY   (United States)

^b BOSTON UNIVERSITY   (United States)

^c MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPRESSION FUNCTIONS; FAIR SHARE; FIXED INPUT LENGTHS; INDIFFERENTIABILITY; INPUT/OUTPUT BEHAVIORS; MODE OF OPERATIONS; MODES OF OPERATION; RANDOM ORACLE; STRUCTURAL FLAWS; TREE-BASED; VARIABLE INPUT LENGTHS;

COMPUTER SOFTWARE;

HASH FUNCTIONS;

EID: 70350779943     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-03317-9_7     Document Type: Conference Paper

References (22)

1. 17 operations
2. Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299-314. Springer, Heidelberg (2006)
3. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62-73 (1993)
4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions (May 2007), http://www.csrc.nist.gov/pki/HashWorkshop/PublicComments/2007Hay. html
5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiabil-ity of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181-197. Springer, Heidelberg (2008)
6. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sufficient conditions for sound tree hashing modes. In: Handschuh, H., Lucks, S., Preneel, B., Rogaway, P. (eds.) Symmetric Cryptography. Dagstuhl Seminar Proceedings (2009), http://www.dagstuhl.de/Haterials/index.en.phtml?09031
7. Chabaud, F., Joux, A.: Differential collisions of SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56-71. Springer, Heidelberg (1998)
8. Chang, D., Lee, S., Nandi, M., Yung, M.: Indifferentiable security analysis of popular hash functions with prefix-free padding. In: Lai, X., Chen, K. (eds.) ASI-ACRYPT 2006. LNCS, vol. 4284, pp. 283-298. Springer, Heidelberg (2006)
9. Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430-448. Springer, Heidelberg (2005)
10. Crutchfield, C.Y.: Security proofs for the MD6 hash function mode of operation. Master's thesis, MIT EECS Department (2008), http://groups.csail.mit. edu/cis/theses/crutchfield-masters-thesis.pdf
11. Dinur, I., Shamir, A.: Cube attack on a reduced version of the compression function with 15 rounds
12. Dodis, Y., Pietrzak, K., Puniya, P.: A new mode of operation for block ciphers and length-preserving MACs. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 198-219. Springer, Heidelberg (2008)
13. Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21-39. Springer, Heidelberg (2004)
14. National Institute of Standards and Technology. Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. Federal Register Notices, vol. 72(212), pp. 62212-62220 (November 2, 2007), http://csrc.nist.gov/groups/ST/hash/documents/FR-Notice-Nov07.pdf
15. National Institute of Standards and Technology. Announcing the development of new hash algorithm(s) for the revision of Federal Information Processing Standard (FIPS) 1802, secure hash standard. Federal Register Notices, vol. 72(14), pp. 2861-2863 (January 23, 2007), http://csrc.nist.gov/groups/ST/ hash/documents/FR-Notice-Jan07.pdf
16. Rivest, R.L.: Slides from invited talk at Crypto 2008 (2008), http://group.csail.mit.edu/cis/mde/Rivest-TheHD6HashFunction.ppt
17. Rivest, R.L., Agre, B., Bailey, D.V., Crutchfield, C., Dodis, Y., Fleming, K.E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y.L.: The MD6 hash function: A proposal to NIST for SHA-3 (2008), http://groups.csail.mit.edu/cis/md6/ submitted-2008-10-27/Supporting-Documentation/md6-report.pdf
18. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1-18. Springer, Heidelberg (2005)
19. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17-36. Springer, Heidelberg (2005)
20. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19-35. Springer, Heidelberg (2005)
21. Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1-16. Springer, Heidelberg (2005)
22. Yu, H., Wang, X.: Multicollision attack on the compression functions of MD4 and 3-pass HAVAL. IACR ePrint Archive, Report 2007/085 (2007), http://eprint.iacr.org/2007/085