Abstract
In the context of iterated hash functions, “dithering” designates the technique of adding an iteration-dependent input to the compression function in order to defeat certain generic attacks. The purpose of this paper is to identify methods for dithering blockcipher-based hash functions that provide security bounds and efficiency, unlike previous proposals. We considered 56 different constructions, based on the 12 secure PGV schemes. Proofs are given in the blackbox model that 12 of them preserve the bounds on collision and inversion resistance given by Black et al. These 12 schemes avoid the need for short dither values, induce negligible extra computation, and achieve security independent of the dither sequence used. We also identify 8 schemes that lead to strong compression functions but potentially insecure hash functions. Our results can be applied to popular hash functions like SHA-1 or Whirlpool.
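As an added illustration of the dithering notion in the abstract (example code written here, not taken from the paper), the block below iterates a Matyas-Meyer-Oseas (PGV) compression function in Merkle-Damgård fashion, once plainly and once with an iteration-dependent dither. The block cipher is a toy Feistel cipher constructed for the demo, the dither placement (XORed into the key input) and the block-counter dither are assumptions for illustration, and neither is claimed to be one of the paper's 12 proven schemes.

```python
import struct

MASK32 = 0xFFFFFFFF


def _f(x: int, k: int) -> int:
    # Toy round function (constructed for the demo, not secure).
    x = (x + k) & MASK32
    x = ((x << 7) | (x >> 25)) & MASK32
    return (x * 0x9E3779B1) & MASK32


def toy_block_cipher(key: int, block: int, rounds: int = 8) -> int:
    """Toy 64-bit Feistel cipher E_key(block); stands in for a real cipher."""
    l, r = block >> 32, block & MASK32
    for i in range(rounds):
        rk = ((key >> ((i % 2) * 32)) + i) & MASK32  # alternate key halves
        l, r = r, l ^ _f(r, rk)
    return (l << 32) | r


def mmo_compress(h: int, m: int) -> int:
    """Matyas-Meyer-Oseas, one of the 12 secure PGV schemes: E_h(m) XOR m."""
    return toy_block_cipher(h, m) ^ m


def dithered_compress(h: int, m: int, d: int) -> int:
    """Dithered variant: dither d XORed into the key input (assumed placement
    for illustration, not one of the paper's proven constructions)."""
    return toy_block_cipher(h ^ d, m) ^ m


def pad(msg: bytes) -> list:
    """Merkle-Damgard strengthening: 0x80, zeros, then the 64-bit bit length."""
    bitlen = len(msg) * 8
    msg += b"\x80" + b"\x00" * ((-len(msg) - 9) % 8) + struct.pack(">Q", bitlen)
    return [int.from_bytes(msg[i:i + 8], "big") for i in range(0, len(msg), 8)]


def counter_dither(i: int) -> int:
    """HAIFA-style dither: the index of the current block (assumed sequence)."""
    return i & MASK32


def md_hash(msg: bytes, dither=None, iv: int = 0x0123456789ABCDEF) -> int:
    """Iterate the compression function; dither=None gives plain MMO-MD."""
    h = iv
    for i, m in enumerate(pad(msg)):
        h = mmo_compress(h, m) if dither is None else dithered_compress(h, m, dither(i))
    return h


def position_sensitive(m: int, h: int = 0x0123456789ABCDEF) -> bool:
    """What dithering buys: the same (h, m) at block 1 and block 2 no longer
    passes through the same map, which expandable-message attacks rely on."""
    return dithered_compress(h, m, counter_dither(1)) != dithered_compress(h, m, counter_dither(2))
```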
References
Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J., Kelsey, J., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965. Springer, Heidelberg (2008)
Barreto, P., Rijmen, V.: The Whirlpool hashing function. First Open NESSIE Workshop (2000)
Bernstein, D.J.: The Rumba20 compression function. Function introduced in [4], http://cr.yp.to/rumba20.html
Bernstein, D.J.: What output size resists collisions in a xor of independent expansions? In: ECRYPT Workshop on Hash Functions (2007). See http://cr.yp.to/rumba20.html#expandxor
Biham, E.: Recent advances in hash functions - the way to go. In: ECRYPT Hash Function Workshop (2005)
Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. In: Cryptology ePrint Archive, Report 2007/278 (2007); Previously presented at the second NIST Hash Function Workshop (2006)
Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)
Black, J., Cochran, M., Shrimpton, T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Cramer [15], pp. 526–541
Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. Cryptology ePrint Archive, Report 2002/066, Full version of [10] (2002)
Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 330–335. Springer, Heidelberg (2002)
Boneh, D., Boyen, X.: On the impossibility of efficiently combining collision resistant hash functions. In: Dwork [18], pp. 570–583
Bouillaguet, C., Fouque, P.-A., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. Cryptology ePrint Archive, Report 2007/395. See also [1].
Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)
Chang, D., Gupta, K.C., Nandi, M.: A new hash function based on RC4. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 80–94. Springer, Heidelberg (2006)
Cramer, R.J.F. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)
Damgård, I.: A design principle for hash functions. In: Brassard [13], pp. 416–427.
Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (1999)
Dwork, C. (ed.): CRYPTO 2006. LNCS, vol. 4117. Springer, Heidelberg (2006)
Filho, D.G., Barreto, P., Rijmen, V.: The Maelstrom-0 hash function. In: 6th Brazilian Symposium on Information and Computer Security (2006)
Gauravaram, P., Kelsey, J.: Cryptanalysis of a class of cryptographic hash functions. In: Cryptology ePrint Archive, Report 2007/277 (2007)
Halevi, S., Krawczyk, H.: Strengthening digital signatures via randomized hashing. In: Dwork [18], pp. 41–59
Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)
Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: First NIST Cryptographic Hash Function Workshop (2005)
Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n work. In: Cramer [15], pp. 474–490
Knudsen, L.: Hash functions and SHA-3. In: FSE 2008 (2008)
Knudsen, L., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007)
Knudsen, L.R., Rechberger, C., Thomsen, S.S.: The Grindahl hash functions. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 39–57. Springer, Heidelberg (2007)
Lai, X., Massey, J.: Hash function based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)
Lee, W., Nandi, M., Sarkar, P., Chang, D., Lee, S., Sakurai, K.: PGV-style block-cipher-based hash families and black-box analysis. IEICE Transactions 88-A(1), 39–48 (2005)
Matyas, S., Meyer, C., Oseas, J.: Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin 27(10A), 5658–5659 (1985)
Merkle, R.C.: One way hash functions and DES. In: Brassard [13], pp. 428–446
Mironov, I.: Hash functions: From Merkle-Damgård to Shoup. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 166–181. Springer, Heidelberg (2001)
Miyaguchi, S., Ohta, K., Iwata, M.: New 128-bit hash function. In: 4th International Joint Workshop on Computer Communications, pp. 279–288 (1989)
Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: STOC, pp. 33–43. ACM, New York (1989)
Pietrzak, K.: Non-trivial black-box combiners for collision-resistant hash-functions don’t exist. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 23–33. Springer, Heidelberg (2007)
Pohlmann, K.: Principles of Digital Audio, 4th edn. McGraw-Hill, New York (2005)
Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: Collision-free hash functions based on block cipher algorithms. In: Carnahan Conference on Security Technology, pp. 203–210 (1989)
Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)
Quisquater, J.-J., Girault, M.: 2n-bit hash-functions using n-bit symmetric block cipher algorithms. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 102–109. Springer, Heidelberg (1990)
Rabin, M.: Digitalized signatures. In: Lipton, R., DeMillo, R. (eds.) Foundations of Secure Computation, pp. 155–166. Academic Press, London (1978)
Rivest, R.: Abelian square-free dithering for iterated hash functions. In: ECRYPT Workshop on Hash Functions (2005). Also presented in [42]
Rivest, R.: Abelian square-free dithering for iterated hash functions. In: NIST Hash Function Workshop (2005)
Rogaway, P., Steinberger, J.: Security/efficiency tradeoffs for permutation-based hashing. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, Springer, Heidelberg (to appear, 2008)
Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 445–452. Springer, Heidelberg (2000)
Shrimpton, T., Stam, M.: Building a collision-resistant compression function from non-compressing primitives. In: Cryptology ePrint Archive, Report 2007/409 (2007)
Stam, M.: Another glance at blockcipher based hashing. Cryptology ePrint Archive, Report 2008/071 (2008)
Wikipedia: Dither. Wikipedia, The Free Encyclopedia. Accessed November 22, 2007
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Aumasson, J.-P., Phan, R.C.-W. (2008). How (Not) to Efficiently Dither Blockcipher-Based Hash Functions? In: Vaudenay, S. (ed.) Progress in Cryptology – AFRICACRYPT 2008. Lecture Notes in Computer Science, vol. 5023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68164-9_21
DOI: https://doi.org/10.1007/978-3-540-68164-9_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68159-5
Online ISBN: 978-3-540-68164-9