We provide attacks and analysis that capture a tradeoff, in the ideal-permutation model, between the speed of a permutation-based hash function and its potential security. For collision-uniform, fixed-permutation-order compression functions, we show that any 2n-bit to n-bit construction will have unacceptable collision resistance if it makes fewer than three n-bit permutation invocations, while a 3n-bit to 2n-bit construction will have unacceptable security if it makes fewer than five. Collisions can be found in a rate- fixed-permutation-order hash function built from n-bit permutations in about N1queries, where N = 2^n. Our results provide guidance when trying to design or analyze practical permutation-based hash functions about the limits of what can possibly be done. An earlier version of this paper appeared in Eurocrypt 2008.
Phillip Rogaway, John P. Steinberger