International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Security of Iterated Hashing based on Forgery-resistant Compression Functions

Authors:
Charles Bouillaguet
Orr Dunkelman
Pierre-Alain Fouque
Antoine Joux
Download:
URL: http://eprint.iacr.org/2009/077
Search ePrint
Search Google
Abstract: In this paper we re-examine the security notions suggested for hash functions, with an emphasis on the delicate notion of second preimage resistance. We start by showing that, in the random oracle model, both Merkle-Damgaard and HAIFA achieve second preimage resistance beyond the birthday bound, and actually up to the level of known generic attacks, hence demonstrating the optimality of HAIFA in this respect. We then try to distill a more elementary requirement out of the compression function to get some insight on the properties it should have to guarantee the second preimage resistance of its iteration. We show that if the (keyed) compression function is a secure FIL-MAC then the Merkle-Damgaard mode of iteration (or HAIFA) still maintains the same level of second preimage resistance. We conclude by showing that this ``new'' assumption (or security notion) implies the recently introduced Preimage-Awareness while ensuring all other classical security notions for hash functions.
BibTeX
@misc{eprint-2009-18279,
  title={On the Security of Iterated Hashing based on Forgery-resistant Compression Functions},
  booktitle={IACR Eprint archive},
  keywords={foundations /},
  url={http://eprint.iacr.org/2009/077},
  note={ charles.bouillaguet@ens.fr 14291 received 16 Feb 2009},
  author={Charles Bouillaguet and Orr Dunkelman and Pierre-Alain Fouque and Antoine Joux},
  year=2009
}