Abstract
In ToSC 2018(4), Daemen et al. performed an in-depth investigation of sound hashing modes based on arbitrary functions, permutations, or block ciphers. However, for the case of invertible primitives, there is a glitch. In this errata, we formally fix this glitch by adding an extra term to the security bound, $q/2^{b-n}$, where $q$ is query complexity, $b$ the width of the permutation or the block size of the block cipher, and $n$ the size of the hash digest. For permutations that are wider than two times the chaining value this term is negligible. For block cipher based hashing modes where the block size is close to the digest size, the term degrades the security significantly.
Highlights
In [DMA18], Daemen, Mennink, and Van Assche performed a thorough investigation of cryptographic hashing modes.
They considered a very large class of hashing modes built on top of arbitrary functions, permutations, or block ciphers, and derived sufficient conditions for these modes to be hard to differentiate from a random oracle.
While the conceptually cleaner sufficiency conditions simplified the security analyses, a level of complication was introduced by the fact that more general modes than in [DRRS09, BDPV14] were taken into consideration.
Summary
In [DMA18], Daemen, Mennink, and Van Assche performed a thorough investigation of cryptographic hashing modes. They considered a very large class of hashing modes built on top of arbitrary functions, permutations, or block ciphers, and derived sufficient conditions for these modes to be hard to differentiate from a random oracle. Their analysis generalized earlier attempts of Dodis et al. [DRRS09] and Bertoni et al. [BDPV14]. The glitch is quite simple to fix. In this errata to the original article of Daemen et al. [DMA18], we correct the analysis for the case of modes based on a permutation or block cipher. Concluding, the extra term leads to an extra requirement for modes to be secure, in that sufficient truncation has to be done.