Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function
Abstract
This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function built from a block cipher. The iterated hash function uses the Matyas-Meyer-Oseas (MMO) mode for the compression function and Merkle-Damgård with a permutation (MDP) for the domain extension transform. It is shown that the keyed-via-IV mode and the key-prefix mode of the iterated hash function are pseudorandom functions if the underlying block cipher is a pseudorandom permutation under a related-key attack with respect to the permutation used in MDP. More precisely, the key-prefix mode also requires that E_IV(K) ⊕ K is pseudorandom, where E is the underlying block cipher, IV is the fixed initial value of the hash function, and K is a secret key. It is also confirmed that the MMO compression function is the best choice with MDP among the block-cipher-based compression functions in the Preneel-Govaerts-Vandewalle model in terms of provable security.
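As an added worked example (not code from the paper or its authors), the construction the abstract describes, written in Go with AES-128 standing in for the block cipher E: the MMO compression function, the MDP domain extension, and the keyed-via-IV and key-prefix modes. The permutation pi (XOR with a constant), the 10* padding and the all-zero IV are assumptions, since the page does not specify them.

```go
package main

import "crypto/aes"

const n = aes.BlockSize // chaining value, message block and cipher key are each one AES block
// mmo is the Matyas-Meyer-Oseas compression function F(h, m) = E_h(m) XOR m, with E = AES-128.
func mmo(h, m [n]byte) [n]byte {
	c, _ := aes.NewCipher(h[:]) // h is always n = 16 bytes, so NewCipher cannot fail
	var out [n]byte
	c.Encrypt(out[:], m[:])
	for i := range out {
		out[i] ^= m[i]
	}
	return out
}
// pi is the permutation MDP applies before the final block; assumed here to be XOR with a constant.
func pi(h [n]byte) [n]byte {
	h[n-1] ^= 0x01
	return h
}
// pad splits msg into blocks after appending 0x80 and zeros (assumed 10* padding, always applied).
func pad(msg []byte) [][n]byte {
	buf := append(append([]byte{}, msg...), 0x80)
	for len(buf)%n != 0 {
		buf = append(buf, 0)
	}
	blocks := make([][n]byte, len(buf)/n)
	for i := range blocks {
		copy(blocks[i][:], buf[i*n:])
	}
	return blocks
}
// mdp is the Merkle-Damgard-with-permutation domain extension over mmo, starting from iv.
func mdp(iv [n]byte, msg []byte) [n]byte {
	blocks, h := pad(msg), iv
	for i, m := range blocks {
		if i == len(blocks)-1 {
			h = pi(h) // the only difference from plain Merkle-Damgard
		}
		h = mmo(h, m)
	}
	return h
}
// keyedViaIV replaces the fixed IV with the secret key.
func keyedViaIV(key [n]byte, msg []byte) [n]byte { return mdp(key, msg) }
// keyPrefix hashes K || M from the public IV (assumed all-zero); the padded input is at least two
// blocks, so its first step is E_IV(K) XOR K, the value the abstract also requires to be pseudorandom.
func keyPrefix(key [n]byte, msg []byte) [n]byte {
	return mdp([n]byte{}, append(append([]byte{}, key[:]...), msg...))
}
```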
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2009-10-01
Authors
- KUWAKADO Hidenori, Graduate School of Engineering, Kobe University
- Hirose Shoichi, Graduate School of Engineering, The University of Fukui
Related papers
- Differentiability of four prefix-free PGV hash functions
- A Chosen-IV Key Recovery Attack on Py and Pypy
- Sequential Bitwise Sanitizable Signature Schemes
- Weak Security Notions of Cryptographic Unkeyed Hash Functions and Their Amplifiability(Symmetric Key Cryptography)(Cryptography and Information Security)
- A note on practical key derivation functions (Information Processing)
- A Note on the Strength of Weak Collision Resistance(Discrete Mathematics and Its Applications)
- An Approximate Scheme of Oblivious Transfer with Probabilistic Receipt (Information Security)
- An Approximate Scheme of Oblivious Transfer with Probabilistic Receipt
- A note on practical key derivation functions (Information Security)
- Cancellation Moderating Factor Control for DS-CDMA Non-linear Interference Canceller with Antenna Diversity Reception(Wireless Communication Technology, Multi-dimensional Mobile Information Networks)
- Multistage Interference Canceller Combined with Adaptive Array Antenna for DS-CDMA System(Special Section on Multi-dimensional Mobile Information Networks)
- Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function
- Collision Resistance of Double-Block-Length Hash Function against Free-Start Attack
- A-6-8 Improved Bitslice Network for Computing the TIB3 S-Box
- Fast WEP-Key Recovery Attack Using Only Encrypted IP Packets
- S-Box Bitslice Networks as Network Computing
- Compression Functions Suitable for the Multi-Property-Preserving Transform
- Generalized Classes of Weak Keys on RC4 Using Predictive State
- A-7-1 Related-Key Cube Attack on KATAN48
- A Note on Practical Key Derivation Functions
- An AES Based 256-bit Hash Function for Lightweight Applications: Lesamnta-LW
- Collision Resistance of Hash Functions in a Weak Ideal Cipher Model
- A Block-Cipher-Based Hash Function Using an MMO-Type Double-Block Compression Function
- Secure Regenerating Codes Based on Rashmi-Shah-Kumar MBR Codes
- Lightweight Hashing Mode Using Lesamnta-LW Compression Function and MDP Domain Extension
- Multilane Hashing Mode Suitable for Parallel Processing
- Lightweight Hashing Mode Using Lesamnta-LW Compression Function and MDP Domain Extension (Life Intelligence and Office Information Systems)