http://dx.doi.org/10.3745/JIPS.2010.6.4.453

Security Properties of Domain Extenders for Cryptographic Hash Functions  

Andreeva, Elena (Dept. Electrical Engineering, ESAT/COSIC and IBBT, Katholieke Universiteit Leuven)
Mennink, Bart (Dept. Electrical Engineering, ESAT/COSIC and IBBT, Katholieke Universiteit Leuven)
Preneel, Bart (Dept. Electrical Engineering, ESAT/COSIC and IBBT, Katholieke Universiteit Leuven)
Publication Information
Journal of Information Processing Systems / v.6, no.4, 2010, pp. 453-480
Abstract
Cryptographic hash functions reduce inputs of arbitrary or very large length to a short string of fixed length. All hash function designs start from a compression function with fixed-length inputs. The compression function itself is designed from scratch, or derived from a block cipher or a permutation. The most common procedure to extend the domain of a compression function in order to obtain a hash function is a simple linear iteration; however, some variants use multiple iterations or a tree structure that allows for parallelism. This paper presents a survey of 17 extenders in the literature. It considers the natural question of whether these preserve the security properties of the compression function, in particular collision resistance, second preimage resistance, preimage resistance, and the pseudo-random oracle property.
Keywords
Hash Functions; Domain Extenders; Security Properties