Sciweavers

IACR
2011

Hash Functions Based on Three Permutations: A Generic Security Analysis

13 years 3 days ago
Hash Functions Based on Three Permutations: A Generic Security Analysis
We consider the family of 2n-to-n-bit compression functions that are solely based on at most three permutation executions and on XOR-operators, and analyze its collision and preimage security. Despite their elegance and simplicity, these designs are not covered by the results of Rogaway and Steinberger (CRYPTO 2008). By defining a carefully chosen equivalence relation on this family of compression functions, we obtain the following results. In the setting where the three permutations π1, π2, π3 are selected independently and uniformly at random, there exist at most four equivalence classes that achieve optimal 2n/2 collision resistance. Under a certain extremal graph theory based conjecture, these classes are proven optimally collision secure. Additionally, three of these classes allow for finding preimages in 2n/2 queries, and only one achieves optimal 22n/3 preimage resistance (with respect to the bounds of Rogaway and Steinberger, EUROCRYPT 2008). Consequently, a compression fu...
Bart Mennink, Bart Preneel
Added 23 Dec 2011
Updated 23 Dec 2011
Type Journal
Year 2011
Where IACR
Authors Bart Mennink, Bart Preneel
Comments (0)