Double Block Length Hash Research Articles

Optimal collision security in double block length hashing with single length key

The idea of double block length hashing is to construct a compression function on 2n bits using a block cipher with an n-bit block size. All optimally secure double block length hash functions known in the literature employ a cipher with a key space of double block size, 2n-bit. On the other hand, no optimally secure compression functions built from a cipher with an n-bit key space are known. Our work deals with this problem. Firstly, we prove that for a wide class of compression functions with two calls to its underlying n-bit keyed block cipher collisions can be found in about $$2^{n/2}$$2n/2 queries. This attack applies, among others, to functions where the output is derived from the block cipher outputs in a linear way. This observation demonstrates that all security results of designs using a cipher with 2n-bit key space crucially rely on the presence of these extra n key bits. The main contribution of this work is a proof that this issue can be resolved by allowing the compression function to make one extra call to the cipher. We propose a family of compression functions making three block cipher calls that asymptotically achieves optimal collision resistance up to $$2^{n(1-\varepsilon )}$$2n(1-ź) queries and preimage resistance up to $$2^{3n(1-\varepsilon )/2}$$23n(1-ź)/2 queries, for any $$\varepsilon >0$$ź>0. To our knowledge, this is the first optimally collision secure double block length construction using a block cipher with single length key space. We additionally prove this class of functions indifferentiable from random functions in about $$2^{n/2}$$2n/2 queries, and demonstrate that no other function in this direction achieves a bound of similar kind.

Security evaluation of double-block-length hash modes with preimage attacks on PGV schemes

In FSE 2011, Sasaki presented the preimage attacks on Davies-Meyer (DM) scheme of 7-round AES and explained conversion of it to the attack on the hash function for 12 secure PGV schemes. In this paper, we apply Sasaki's work to Double-Block-Length (DBL) hash modes based on arbitrary blockcipher. We generalize compression functions in several DBL hash modes. Assuming a Sasaki's preimage attack on DM scheme of the underlying blockcipher is faster than brute-force attack, we evaluate securities of the hash modes against preimage or second-preimage attacks. Hence, we analyzed the hash modes against preimage or second-preimage attacks except some case of the generalized MDC-4.

Attacks on Fast Double Block Length Hash Functions

The security of hash functions based on a block cipher with a block length of m bits and a key length of k bits, where $k\leq m$ , is considered. New attacks are presented on a large class of iterated hash functions with a 2m -bit hash result which processes in each iteration two message blocks using two encryptions. In particular, the attacks break three proposed schemes: Parallel-DM, the PBGV hash function, and the LOKI DBH mode.