Security Analysis of a Design Variant of Randomized Hashing

  • Conference paper
  • Applications and Techniques in Information Security (ATIS 2017)

Abstract

At EUROCRYPT 2009, Gauravaram and Knudsen presented an online birthday attack on the randomized hashing scheme standardized in NIST SP 800-106. The attack exploits the fact that fixed points are easy to find for the Davies-Meyer-type compression functions of standardized hash functions such as those in the SHA-2 family. The attack is significant because it breaks the target collision resistance (TCR) of the randomized hashing scheme, although the scheme is claimed to provide enhanced TCR (eTCR); since TCR is a weaker property than eTCR, a TCR break rules out eTCR as well. In this paper, we present a randomized hashing scheme called RMC. We also prove that RMC satisfies both TCR and eTCR in the random oracle model and in the ideal cipher model. In particular, the proof of TCR security in the ideal cipher model implies that the attack by Gauravaram and Knudsen is not effective against RMC.
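As an added illustration of the fixed-point property the abstract refers to (example code written for this page, not the paper's or the authors' code): the block cipher below is a toy 4-round Feistel built on SHA-256, assumed here as a stand-in for the real cipher inside SHA-2 (SHACAL-2), and the message block and chaining values are constructed inputs. It shows that for a Davies-Meyer compression function h' = E_m(h) XOR h, the fixed point for any block m is h* = D_m(0), obtained with a single decryption rather than a search, and that a Merkle-Damgård chain sitting at h* does not move however many copies of m are appended.

```python
"""Fixed points of a Davies-Meyer compression function (added example).

The 64-bit Feistel cipher is a toy built on SHA-256 and is an assumed
stand-in for SHACAL-2; the fixed-point argument holds for any invertible
block cipher used in Davies-Meyer mode.
"""
import hashlib
import os
import struct

ROUNDS = 4
MASK32 = 0xFFFFFFFF


def _round_f(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function (a PRF from SHA-256); toy, not a real cipher design."""
    digest = hashlib.sha256(key + bytes([rnd]) + struct.pack(">I", half)).digest()
    return struct.unpack(">I", digest[:4])[0]


def toy_encrypt(key: bytes, block: int) -> int:
    """E_key(block): 4-round Feistel on a 64-bit block; the key is arbitrary bytes."""
    left, right = block >> 32, block & MASK32
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_f(key, rnd, right)
    return (left << 32) | right


def toy_decrypt(key: bytes, block: int) -> int:
    """D_key(block): run the Feistel rounds backwards."""
    left, right = block >> 32, block & MASK32
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_f(key, rnd, left), left
    return (left << 32) | right


def davies_meyer(h: int, m: bytes) -> int:
    """h' = E_m(h) XOR h: the message block keys the cipher, the chaining value is the plaintext."""
    return toy_encrypt(m, h) ^ h


def fixed_point(m: bytes) -> int:
    """Return h* with davies_meyer(h*, m) == h*.

    E_m(h*) XOR h* == h*  iff  E_m(h*) == 0  iff  h* == D_m(0),
    so one decryption finds the fixed point; no search is needed.
    (SHA-2 adds words mod 2^32 instead of XOR; the same h* = D_m(0) works there.)
    """
    return toy_decrypt(m, 0)


def md_iterate(iv: int, blocks: list) -> int:
    """Plain Merkle-Damgard chaining over message blocks (padding omitted in the toy)."""
    h = iv
    for m in blocks:
        h = davies_meyer(h, m)
    return h


def is_frozen(m: bytes, repeats: int) -> bool:
    """Once the chain sits at the fixed point of m, appending m any number of times leaves it unchanged."""
    h_star = fixed_point(m)
    return md_iterate(h_star, [m] * repeats) == h_star


if __name__ == "__main__":
    m = b"constructed-message-block"          # constructed sample input
    h_star = fixed_point(m)
    print(f"h* = {h_star:016x}")
    print("fixed point holds:", davies_meyer(h_star, m) == h_star)
    print("frozen after 1000 copies of m:", is_frozen(m, 1000))
    # A random chaining value is (almost surely) not a fixed point of m.
    h_rand = int.from_bytes(os.urandom(8), "big")
    print("random h is a fixed point:", davies_meyer(h_rand, m) == h_rand)
```

The point for a practitioner is that fixed points cost one inverse cipher call per message block, not a 2^n search, which is why a Davies-Meyer-based hash cannot rely on fixed points being hard to find; RMC's TCR proof in the ideal cipher model is what rules this avenue out for the scheme proposed here.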


References

  1. Bellare, M., Ristenpart, T.: Hash functions in the dedicated-key setting: design choices and MPP transforms. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 399–410. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73420-8_36
  2. Bellare, M., Rogaway, P.: Collision-resistant hashing: towards making UOWHFs practical. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 470–484. Springer, Heidelberg (1997). doi:10.1007/BFb0052256
  3. Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002). doi:10.1007/3-540-45708-9_21
  4. Black, J., Rogaway, P., Shrimpton, T., Stam, M.: An analysis of the blockcipher-based hash functions from PGV. J. Cryptology 23(4), 519–545 (2010)
  5. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, New York (1990). doi:10.1007/0-387-34805-0_39
  6. Dean, R.D.: Formal aspects of mobile code security. Ph.D. thesis, Princeton University (1999)
  7. FIPS PUB 180-4: Secure Hash Standard (SHS) (2015)
  8. Gauravaram, P.: Generation of randomized messages for cryptographic hash functions. US Patent 9444619 B2 (2016)
  9. Gauravaram, P., Kelsey, J.: Linear-XOR and additive checksums don't protect Damgård-Merkle hashes from generic attacks. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 36–51. Springer, Heidelberg (2008). doi:10.1007/978-3-540-79263-5_3
  10. Gauravaram, P., Kelsey, J., Knudsen, L.R., Thomsen, S.S.: On hash functions using checksums. Int. J. Inf. Secur. 9(2), 137–151 (2010)
  11. Gauravaram, P., Knudsen, L.R.: On randomizing hash functions to strengthen the security of digital signatures. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 88–105. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01001-9_5
  12. Gauravaram, P., Knudsen, L.R.: Security analysis of randomize-hash-then-sign digital signatures. J. Cryptology 25(4), 748–779 (2012)
  13. Halevi, S., Krawczyk, H.: Strengthening digital signatures via randomized hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41–59. Springer, Heidelberg (2006). doi:10.1007/11818175_3
  14. Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006). doi:10.1007/11761679_12
  15. Kelsey, J., Lucks, S.: Collisions and near-collisions for reduced-round Tiger. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 111–125. Springer, Heidelberg (2006). doi:10.1007/11799313_8
  16. Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2^n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005). doi:10.1007/11426639_28
  17. Kuwakado, H., Morii, M.: Indifferentiability of single-block-length and rate-1 compression functions. IEICE Trans. Fundam. E90-A(10), 2301–2308 (2007)
  18. Matyas, S.M., Meyer, C.H., Oseas, J.: Generating strong one-way functions with cryptographic algorithm. IBM Techn. Discl. Bull. 27, 5658–5659 (1985)
  19. Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, New York (1990). doi:10.1007/0-387-34805-0_40
  20. Miyaguchi, S., Ohta, K., Iwata, M.: Confirmation that some hash functions are not collision free. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 326–343. Springer, Heidelberg (1991). doi:10.1007/3-540-46877-3_30
  21. Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 33–43 (1989)
  22. NIST SP 800-106: Randomized Hashing for Digital Signatures (2009)
  23. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_31
  24. Reyhanitabar, M.R., Susilo, W., Mu, Y.: Enhanced target collision resistant hash functions revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 327–344. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03317-9_20
  25. Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 445–452. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6_32
  26. Stam, M.: Blockcipher-based hashing revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03317-9_5

Acknowledgements

A part of this work was done when Dr. Praveen Gauravaram was at QUT supported by Australian Research Council (ARC) Discovery Project grant DP130104304. The second author was supported in part by JSPS KAKENHI Grant Number JP16H02828.

Author information

Correspondence to Shoichi Hirose.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Gauravaram, P., Hirose, S., Stebila, D. (2017). Security Analysis of a Design Variant of Randomized Hashing. In: Batten, L., Kim, D., Zhang, X., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2017. Communications in Computer and Information Science, vol 719. Springer, Singapore. https://doi.org/10.1007/978-981-10-5421-1_2

  • DOI: https://doi.org/10.1007/978-981-10-5421-1_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5420-4

  • Online ISBN: 978-981-10-5421-1
