Abstract
At EUROCRYPT 2009, Gauravaram and Knudsen presented an online birthday attack on the randomized hashing scheme standardized in NIST SP800-106. This attack uses a fact that it is easy to find fixed points for the Davies-Meyer-type compression functions of standardized hash functions such as those in the SHA-2 family. This attack is significant in that it is an attack on the target collision resistance (TCR) of the randomized hashing scheme which is claimed to be enhanced TCR (eTCR). TCR is a property weaker than eTCR. In this paper, we will present a randomized hashing scheme called RMC. We will also prove that RMC satisfies both TCR and eTCR in the random oracle model and in the ideal cipher model. In particular, the proof for the TCR security in the ideal cipher model implies that the attack by Gauravaram and Knudsen is not effective against RMC.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bellare, M., Ristenpart, T.: Hash functions in the dedicated-key setting: design choices and MPP transforms. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 399–410. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73420-8_36
Bellare, M., Rogaway, P.: Collision-resistant hashing: towards making UOWHFs practical. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 470–484. Springer, Heidelberg (1997). doi:10.1007/BFb0052256
Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002). doi:10.1007/3-540-45708-9_21
Black, J., Rogaway, P., Shrimpton, T., Stam, M.: An analysis of the blockcipher-based hash functions from PGV. J. Cryptology 23(4), 519–545 (2010)
Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, New York (1990). doi:10.1007/0-387-34805-0_39
Dean, R.D.: Formal aspects of mobile code security. Ph.D. thesis, Princeton University (1999)
FIPS PUB 180–4: Secure Hash Standard (SHS) (2015)
Gauravaram, P.: Generation of randomized messages for cryptographic hash functions, US Patent 9444619 B2 (2016)
Gauravaram, P., Kelsey, J.: Linear-XOR and additive checksums don’t protect Damgård-Merkle hashes from generic attacks. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 36–51. Springer, Heidelberg (2008). doi:10.1007/978-3-540-79263-5_3
Gauravaram, P., Kelsey, J., Knudsen, L.R., Thomsen, S.S.: On hash functions using checksums. Int. J. Inf. Sec 9(2), 137–151 (2010)
Gauravaram, P., Knudsen, L.R.: On randomizing hash functions to strengthen the security of digital signatures. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 88–105. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01001-9_5
Gauravaram, P., Knudsen, L.R.: Security analysis of randomize-hash-then-sign digital signatures. J. Cryptology 25(4), 748–779 (2012)
Halevi, S., Krawczyk, H.: Strengthening digital signatures via randomized hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41–59. Springer, Heidelberg (2006). doi:10.1007/11818175_3
Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006). doi:10.1007/11761679_12
Kelsey, J., Lucks, S.: Collisions and near-collisions for reduced-round Tiger. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 111–125. Springer, Heidelberg (2006). doi:10.1007/11799313_8
Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005). doi:10.1007/11426639_28
Kuwakado, H., Morii, M.: Indifferentiability of single-block-length and rate-1 compression functions. IEICE Fundam. 90–A(10), 2301–2308 (2007)
Matyas, S.M., Meyer, C.H., Oseas, J.: Generating strong one-way functions with cryptographic algorithm. IBM Techn. Discl. Bull. 27, 5658–5659 (1985)
Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, New York (1990). doi:10.1007/0-387-34805-0_40
Miyaguchi, S., Ohta, K., Iwata, M.: Confirmation that some hash functions are not collision free. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 326–343. Springer, Heidelberg (1991). doi:10.1007/3-540-46877-3_30
Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 33–43 (1989)
NIST SP 800–106: Randomized Hashing for Digital Signatures (2009)
Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_31
Reyhanitabar, M.R., Susilo, W., Mu, Y.: Enhanced target collision resistant hash functions revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 327–344. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03317-9_20
Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 445–452. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6_32
Stam, M.: Blockcipher-based hashing revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03317-9_5
Acknowledgements
A part of this work was done when Dr. Praveen Gauravaram was at QUT supported by Australian Research Council (ARC) Discovery Project grant DP130104304. The second author was supported in part by JSPS KAKENHI Grant Number JP16H02828.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Gauravaram, P., Hirose, S., Stebila, D. (2017). Security Analysis of a Design Variant of Randomized Hashing. In: Batten, L., Kim, D., Zhang, X., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2017. Communications in Computer and Information Science, vol 719. Springer, Singapore. https://doi.org/10.1007/978-981-10-5421-1_2
Download citation
DOI: https://doi.org/10.1007/978-981-10-5421-1_2
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5420-4
Online ISBN: 978-981-10-5421-1
eBook Packages: Computer ScienceComputer Science (R0)