Sciweavers

CRYPTO
2008
Springer

Compression from Collisions, or Why CRHF Combiners Have a Long Output

14 years 2 months ago
Compression from Collisions, or Why CRHF Combiners Have a Long Output
A black-box combiner for collision resistant hash functions (CRHF) is a construction which given black-box access to two hash functions is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al [Crypto'07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash-functions given a single collision for the combiner (Canetti et al [Crypto'07] building on Boneh and Boyen [Crypto'06] and Pietrzak [Eurocrypt'07]). Our proof uses a lemma similar to the elegant "reconstruction lemma" of Gennaro and Trevisan [FOCS'00], which states that any function which is not one-way is compressible (and thus...
Krzysztof Pietrzak
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where CRYPTO
Authors Krzysztof Pietrzak
Comments (0)