Sciweavers

ICC
2009
IEEE

On Hashing with Tweakable Ciphers

13 years 9 months ago
On Hashing with Tweakable Ciphers
Cryptographic hash functions are often built on block ciphers in order to reduce the security of the hash to that of the cipher, and to minimize the hardware size. Proven secure constructions are used in international standards like MD5, SHA-1, or Whirlpool. But recently, researchers proposed new modes of operations for hash functions to protect against generic attacks, and it remains open how to base such function on block ciphers. An attracting and intuitive choice is to combine previous constructions with tweakable block ciphers. We investigate such constructions, and show the surprising result that combining a secure mode of operation with a secure tweakable cipher does not guarantee the security of the hash function built. In fact, simple attacks can be possible when the interaction between secure components leaves some additional "freedom" to an adversary. Our techniques are derived from the principle of slide attacks, which were introduced for attacking block ciphers.
Raphael Chung-Wei Phan, Jean-Philippe Aumasson
Added 18 Feb 2011
Updated 18 Feb 2011
Type Journal
Year 2009
Where ICC
Authors Raphael Chung-Wei Phan, Jean-Philippe Aumasson
Comments (0)