Indifferentiable hash functions in the standard model
Abstract Indifferentiability of iterated hash functions is seen as evidence that there are no structural flaws in the iteration structure of the algorithm. However, it is often overlooked that such considerations only hold in the random oracle model and do not give any guarantee in the standard mode...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2021-07-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12025 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832558675784368128 |
|---|---|
| author | Juha Partala |
| author_facet | Juha Partala |
| author_sort | Juha Partala |
| collection | DOAJ |
| description | Abstract Indifferentiability of iterated hash functions is seen as evidence that there are no structural flaws in the iteration structure of the algorithm. However, it is often overlooked that such considerations only hold in the random oracle model and do not give any guarantee in the standard model. In this article, we show the following separation result: there is a hash function that is indifferentiable from a random oracle, but is totally insecure in the standard model. In particular, we show that it does not satisfy collision or multicollision‐resistance, second preimage‐resistance or preimage‐resistance for any family of compression functions. Therefore, at least in theory, hash function indifferentiability does not guarantee the structural integrity of the hash algorithm in the standard model. Results in the random oracle model are not affected. |
| format | Article |
| id | doaj-art-a27c9753eeca468d9bcc6b8ab5a0e25c |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2021-07-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-a27c9753eeca468d9bcc6b8ab5a0e25c2025-02-03T01:31:54ZengWileyIET Information Security1751-87091751-87172021-07-0115430931610.1049/ise2.12025Indifferentiable hash functions in the standard modelJuha Partala0Center for Machine Vision and Signal Analysis University of Oulu FinlandAbstract Indifferentiability of iterated hash functions is seen as evidence that there are no structural flaws in the iteration structure of the algorithm. However, it is often overlooked that such considerations only hold in the random oracle model and do not give any guarantee in the standard model. In this article, we show the following separation result: there is a hash function that is indifferentiable from a random oracle, but is totally insecure in the standard model. In particular, we show that it does not satisfy collision or multicollision‐resistance, second preimage‐resistance or preimage‐resistance for any family of compression functions. Therefore, at least in theory, hash function indifferentiability does not guarantee the structural integrity of the hash algorithm in the standard model. Results in the random oracle model are not affected.https://doi.org/10.1049/ise2.12025cryptographydata compressioniterative methods |
| spellingShingle | Juha Partala Indifferentiable hash functions in the standard model IET Information Security cryptography data compression iterative methods |
| title | Indifferentiable hash functions in the standard model |
| title_full | Indifferentiable hash functions in the standard model |
| title_fullStr | Indifferentiable hash functions in the standard model |
| title_full_unstemmed | Indifferentiable hash functions in the standard model |
| title_short | Indifferentiable hash functions in the standard model |
| title_sort | indifferentiable hash functions in the standard model |
| topic | cryptography data compression iterative methods |
| url | https://doi.org/10.1049/ise2.12025 |
| work_keys_str_mv | AT juhapartala indifferentiablehashfunctionsinthestandardmodel |