Compression from Collisions, or Why CRHF Combiners Have a Long Output

13 years 6 months ago

Download homepages.cwi.nl

A black-box combiner for collision resistant hash functions (CRHF) is a construction which given black-box access to two hash functions is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al [Crypto'07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash-functions given a single collision for the combiner (Canetti et al [Crypto'07] building on Boneh and Boyen [Crypto'06] and Pietrzak [Eurocrypt'07]). Our proof uses a lemma similar to the elegant "reconstruction lemma" of Gennaro and Trevisan [FOCS'00], which states that any function which is not one-way is compressible (and thus...

Krzysztof Pietrzak

Real-time Traffic

Black-box Combiners | Collision Resistant | Collision Resistant Hash | CRYPTO 2008 | Cryptology |

claim paper

Post Info
More Details (n/a)

Added	19 Oct 2010
Updated	19 Oct 2010
Type	Conference
Year	2008
Where	CRYPTO
Authors	Krzysztof Pietrzak

Comments (0)

Sciweavers

Compression from Collisions, or Why CRHF Combiners Have a Long Output

Black-box Combiners | Collision Resistant | Collision Resistant Hash | CRYPTO 2008 | Cryptology |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers