Paper 2006/485

Indifferentiability of Single-Block-Length and Rate-1 Compression Functions

Hidenori Kuwakado and Masakatu Morii

Abstract

The security notion of indifferentiability was proposed by Maurer, Renner, and Holenstein in 2004. In 2005, Coron, Dodis, Malinaud, and Puniya discussed the indifferentiability of hash functions. They showed that the Merkle-Damgaard construction is not secure in the sense of indifferentiability. In this paper, we analyze the security of single-block-length and rate-1 compression functions in the sense of indifferentiability. We formally show that all single-block-length and rate-1 compression functions, which include the Davies-Meyer compression function, are insecure. Furthermore, we show how to construct a secure single-block-length and rate-1 compression function in the sense of indifferentiability. This does not contradict our result above.

Note: - Correction: the definition of rate. This correction have no effect on our results. - Correction: typo

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions
Contact author(s)
kuwakado @ kobe-u ac jp
History
2007-01-08: revised
2006-12-29: received
See all versions
Short URL
https://ia.cr/2006/485
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2006/485,
      author = {Hidenori Kuwakado and Masakatu Morii},
      title = {Indifferentiability of Single-Block-Length and Rate-1 Compression Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2006/485},
      year = {2006},
      note = {\url{https://eprint.iacr.org/2006/485}},
      url = {https://eprint.iacr.org/2006/485}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.