## CryptoDB

### Duo Lei

#### Publications

Year
Venue
Title
2006
EPRINT
The paper discusses the security of hash function with Merkle-Damg{\aa}rd construction and provides the complexity bound of finding a collision and primage of hash function based on the condition probability of compression function $y=F(x,k)$. we make a conclusion that in Merkle-Damma{\aa}rd construction, the requirement of free start collision resistant and free start collision resistant on compression function is not necessary and it is enough if the compression function with properties of fix start collision resistant and fix start preimage resistant. However, the condition probability $P_{Y|X=x}(y)$ and $P_{Y|K=k}(y)$ of compression function $y=F(x,k)$ have much influence on the security of the hash function. The best design of compression function should have properties of that $P_{Y|X=x}(y)$ and $P_{Y|K=k}(y)$ are both uniformly distributed for all $x$ and $k$. At the end of the paper, we discussed the block cipher based hash function, point out among the the 20 schemes, selected by PGV\cite{Re:Preneel} and BPS\cite{Re:JBlack}, the best scheme is block cipher itself, if the block cipher with perfect security and perfect key distribution.
2006
EPRINT
In this paper, we give a integrated proof method on security proof of iterated hash structure. Based on the proof method, we can distinguish the security of Merkel-Damag{\aa}rd structure, wide-pipe hash, double-pipe hash and 3c hash and know the requirement on true design compression function, we also give a new recommend structure. At last, we give a new hash structure, MAC structure, encryption model, and which use same block cipher round function and key schedule algorithm and are based on Feistel structure, the security proofs on those structures are also given.
2005
EPRINT
The Feistel structure is well-known as a good structure for building block ciphers, due to its property of invertibility. It can be made non-invertible by fixing the left half of the input to 0, and by discarding the left half of the output bits. It then becomes suitable as a hash function construction. This paper uses the structure to build a hash function called F-Hash, which is immune to recent attack styles. In this paper, a more precise evaluation method, based upon conditional probability, is given.
2005
EPRINT
Preneel, Govaerts, and Vandewalle[12] considered the 64 most basic ways to construct a hash function from a block cipher, and regarded 12 of these 64 schemes as secure. Black, Pogaway and Shrimpton[3] proved that, in black-box model, the 12 schemes that PGV singled out as secure really are secure and given tight upper and lower bounds on their collision resistance. And also they pointed out, by stepping outside of the Merkle-Damgard[5] approach to analysis, an additional 8 of the 64 schemes are just as collision resistant as the first group of schemes. In this paper we point out that the 12 compression functions that PGV singled out are free start collision resistant and others are not, the additional 8 compression functions are only fix start collision resistant as singled out by BRS, the hash functions based on those 20 schemes are fix start collision resistant, the upper bound of collision resistance and preimage resistant are given based on conditional probability of compression function, not based on assumption of random oracle model, the bounds have more practical value than the bounds given by BRS. In view point of collision resistant, the best 4 schemes are not among the 12 schemes singled by PGV, and among the 8 schemes point out by BRS, and block cipher E itself is the best compression to build a collision resistant hash function. At the end of the paper, two recommend structure of block cipher based hash function are given, and a prove of their securities are also given.

Li Chao (1)
Keqin Feng (1)
Da Lin (1)
Longjiang Qu (1)