Abstract
Many of the popular Merkle-Damgard hash functions have turned out to be not collision-resistant (CR). The problem is that we no longer know if these hash functions are even second-preimage-resistant (SPR) or one-way (OW), without the underlying compression functions being CR. We remedy this situation by introducing the split padding into a current Merkle-Damgard hash function H . The patched hash function $\bar{H}$ resolves the problem in the following ways: (i) $\bar{H}$ is SPR if the underlying compression function h satisfies an SPR-like property, and (ii) $\bar{H}$ is OW if h satisfies an OW-like property. The assumptions we make about h are provided with simple definitions and clear relations to other security notions. In particular, they belong to the class whose existence is ensured by that of OW functions, revealing an evident separation from the strong CR requirement. Furthermore, we get the full benefit from the patch at almost no expense: The new scheme requires no change in the internals of a hash function, runs as efficiently as the original, and as usual inherits CR from h . Thus the patch has significant effects on systems and applications whose security relies heavily on the SPR or OW property of Merkle-Damgard hash functions.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
