Abstract

Double block length hashing covers the idea of constructing a compression function on 2n bits using an n-bit block cipher. In this work, we present a comprehensive indifferentiability analysis of all relevant double length compression functions. Indifferentiability is a stronger security notion than collision and preimage resistance and ensures that a design has no structural flaws. It is very well suited for composition: using an indifferentiable compression function in a proper mode of operation supplies an indifferentiable hash function. Yet, as we demonstrate, compression function indifferentiability is not at all a triviality: almost all double length compression functions, including Tandem-DM and Jetchev et al.’s, appear to be differentiable from a random function in 2 queries. Nevertheless, we also prove that two known functions are indifferentiable: the MDC-4 compression function (up to $2^{n/4}$ queries, tight) and Mennink’s function (up to $2^{n/2}$ queries, tight).
