Sciweavers

EUROCRYPT
2008
Springer

Security/Efficiency Tradeoffs for Permutation-Based Hashing

14 years 2 months ago
Security/Efficiency Tradeoffs for Permutation-Based Hashing
We provide attacks and analysis that capture a tradeoff, in the ideal-permutation model, between the speed of a permutation-based hash function and its potential security. For collision-uniform, fixedpermutation-order compression functions, we show that any 2n-bit to n-bit construction will have unacceptable collision resistance it makes fewer than three n-bit permutation invocations, while a 3n-bit to 2nbit construction will have unacceptable security if it makes fewer than five. Collisions can be found in a rate- fixed-permutation-order hashfunction built from n-bit permutations in about N1queries, where N = 2n . Our results provide guidance when trying to design or analyze practical permutation-based hash functions about the limits of what can possibly be done. An earlier version of this paper appeared in Eurocrypt 2008.
Phillip Rogaway, John P. Steinberger
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where EUROCRYPT
Authors Phillip Rogaway, John P. Steinberger
Comments (0)