Sciweavers

Share
AFRICACRYPT
2008
Springer

How (Not) to Efficiently Dither Blockcipher-Based Hash Functions?

8 years 4 months ago
How (Not) to Efficiently Dither Blockcipher-Based Hash Functions?
Abstract. In the context of iterated hash functions, "dithering" designates the technique of adding an iteration-dependent input to the compression function in order to defeat certain generic attacks. The purpose of this paper is to identify methods for dithering blockcipher-based hash functions that provide security bounds and efficiency, contrary to the previous proposals. We considered 56 different constructions, based on the 12 secure PGV schemes. Proofs are given in the blackbox model that 12 of them preserve the bounds on collision and inversion resistance given by Black et al. These 12 schemes avoid the need for short dither values, induce negligible extra-computation, and achieve security independent of the dither sequence used. We also identify 8 schemes that lead to strong compression functions but potentially insecure hash functions. Application of our results can be considered to popular hash functions like SHA-1 or Whirlpool.
Jean-Philippe Aumasson, Raphael C.-W. Phan
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where AFRICACRYPT
Authors Jean-Philippe Aumasson, Raphael C.-W. Phan
Comments (0)
books