We propose a family of compression functions built from fixed-key blockciphers and investigate their collision and preimage security in the ideal-cipher model. The constructions have security approaching and in many cases equaling the security upper bounds found in previous work of the authors [24]. In particular, we describe a 2n-bit to n-bit compression function using three n-bit permutation calls that has collision security N0.5 , where N = 2n , and we describe 3n-bit to 2n-bit compression functions using five and six permutation calls and having collision security of at least N0.55 and N0.63 . Key words: blockcipher-based hashing, collision-resistant hashing, compression functions, cryptographic hash functions, ideal-cipher model.
Phillip Rogaway, John P. Steinberger