Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks

Charlotte Lefevre

Paper 2023/217

Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks

Charlotte Lefevre, Radboud University Nijmegen

Abstract

The sponge construction is a popular method for hashing. Quickly after its introduction, the sponge was proven to be tightly indifferentiable from a random oracle up to $\approx 2^{c / 2}$ queries, where $c$ is the capacity. However, this bound is not tight when the number of message blocks absorbed is restricted to $ℓ < ⌈ \frac{c}{2 (b - c)} ⌉ + 1$ (but still an arbitrary number of blocks can be squeezed). In this work, we show that this restriction leads to indifferentiability from a random oracle up to $\approx min {2^{b / 2}, max {2^{c / 2}, 2^{b - ℓ \times (b - c)}}}$ queries, where $b > c$ is the permutation size. Depending on the parameters chosen, this result allows to have enhanced security or to absorb at a larger rate for applications that require a fixed-length input hash function.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published by the IACR in TOSC 2023
Keywords: sponge lightweight cryptography indifferentiability
Contact author(s): charlotte lefevre @ ru nl
History: 2023-02-20: approved; 2023-02-17: received; See all versions
Short URL: https://ia.cr/2023/217
License: CC BY

BibTeX

@misc{cryptoeprint:2023/217,
      author = {Charlotte Lefevre},
      title = {Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/217},
      year = {2023},
      url = {https://eprint.iacr.org/2023/217}
}