Abstract
In this paper, we introduce a new class of double-block-length hash functions. Using the ideal cipher model, we prove that these hash functions, dubbed MJH, are asymptotically collision resistant up to \(O(2^{n(1-\epsilon )})\) query complexity for any \(\epsilon >0\) in the iteration, where \(n\) is the block size of the underlying blockcipher. When based on an \(n\)-bit key blockcipher, our construction, being of rate 1/2, provides better provable security than MDC-2, the only previously known rate-1/2 double-length hash function based on an \(n\)-bit key blockcipher with non-trivial provable security. Moreover, since key scheduling is performed only once per message block for MJH, our proposal significantly outperforms MDC-2 in efficiency. When based on a \(2n\)-bit key blockcipher, we can use the extra \(n\) bits of key to carry additional message payload, obtaining a rate-1 hash function that is much faster than existing proposals with comparable provable security, such as Tandem-DM. This is the full version of Lee and Stam (A faster alternative to MDC-2, CT-RSA 2011).
Notes
We allow a path that consists of a single node.
References
Black J., Rogaway P., Shrimpton T.: Black-box analysis of the block-cipher-based hash-function construction from PGV. In: Yung M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–325. Springer, Heidelberg (2002).
Black J., Cochran M., Shrimpton T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Cramer R (ed.) Eurocrypt 2005. LNCS, vol. 3494, pp. 526–541. Springer, Heidelberg (2005).
Bogdanov A., Leander G., Paar C., Poschmann A., Robshaw M.J.B., Seurin Y.: Hash functions and RFID tags: mind the gap. In: Oswald E., Rohatgi P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 283–299. Springer, Heidelberg (2008).
Bos J.W., Özen O., Stam M.: Efficient hashing using the AES instruction set. In: Preneel B., Takagi T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 507–522. Springer, Heidelberg (2011).
Biryukov A., Khovratovich D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009).
Brachtl B., Coppersmith D., Heyden M., Matyas S., Meyer C., Oseas J., Pilpel S., Schilling M.: Data authentication using modification detection codes based on a public one-way encryption function. US Patent #4,908,861, 13 Mar 1990.
Damgård I.: A design principle for hash functions. In: Brassard G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990).
Fleischmann E., Gorski M., Lucks S.: On the security of Tandem-DM. In: Dunkelman O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 85–105. Springer, Heidelberg (2009).
Fleischmann E., Gorski M., Lucks S.: Security of cyclic double block length hash functions. In: Parker M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 153–175. Springer, Heidelberg (2009).
Hattori M., Hirose S., Yoshida S.: Analysis of double block length hash functions. In: Paterson K.G. (ed.) IMA 2003. LNCS, vol. 2898, pp. 290–302. Springer, Heidelberg (2003).
Hirose S.: Provably secure double-block-length hash functions in a black-box model. In: Park C., Chee S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 330–342. Springer, Heidelberg (2005).
Hirose S.: A security analysis of double-block-length hash functions with the rate 1. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E89-A(10), 2575–2582 (2006).
Hirose S.: Some plausible construction of double-block-length hash functions. In: Robshaw M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006).
Knudsen L.R., Massey J.L., Preneel B.: Attacks on fast double block length hash functions. J. Cryptol. 11(1), 59–72 (1998).
Knudsen L.R., Mendel F., Rechberger C., Thomsen S.S.: Cryptanalysis of MDC-2. In: Joux A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 106–120. Springer, Heidelberg (2009).
Lai X., Massey J.L.: Hash function based on block ciphers. In: Rueppel R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993).
Lee J., Hong D.: Collision resistance of the JH hash function. IEEE Trans. Inf. Theory 58(3), 1992–1995 (2012).
Lee J., Kwon D.: The security of Abreast-DM in the ideal cipher model. IEICE Trans. 94-A(1), 104–109 (2011).
Lee J., Stam M.: A faster alternative to MDC-2. In: Kiayias A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 213–236. Springer, Heidelberg (2011).
Lee J., Steinberger J.: Multi-property-preserving domain extension using polynomial-based modes of operation. In: Gilbert H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 573–596. Springer, Heidelberg (2010).
Lee J., Stam M., Steinberger J.: The collision security of Tandem-DM in the ideal cipher model. In: Rogaway P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 561–577. Springer, Heidelberg (2011).
Lucks S.: A collision-resistant rate-1 double-block-length hash function. In: Symmetric Cryptography, Dagstuhl Seminar Proceedings 07021 (2007).
Merkle R.: One way hash functions and DES. In: Brassard G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990).
Meyer C., Schilling M.: Chargement sécurisé d'un programme avec code de détection de manipulation [Secure program load with manipulation detection code] (1987).
Özen O., Stam M.: Another glance at double-length hashing. In: Parker M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 176–201. Springer, Heidelberg (2009).
Preneel B., Govaerts R., Vandewalle J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994).
Ristenpart T., Shrimpton T.: How to build a hash function from any collision-resistant function. In: Kurosawa K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 147–163. Springer, Heidelberg (2007).
Rogaway P., Steinberger J.: Constructing cryptographic hash functions from fixed-key blockciphers. In: Wagner D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 433–450. Springer, Heidelberg (2008).
Rogaway P., Steinberger J.: Security/efficiency tradeoffs for permutation-based hashing. In: Smart N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 220–236. Springer, Heidelberg (2008).
Shrimpton T., Stam M.: Building a collision-resistant function from non-compressing primitives. In: Aceto L., Damgård I., Goldberg L.A., Halldórsson M.M., Ingólfsdóttir A., Walukiewicz I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 643–654. Springer, Heidelberg (2008).
Stam M.: Beyond uniformity: security/efficiency tradeoffs for compression functions. In: Wagner D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 397–412. Springer, Heidelberg (2008).
Stam M.: Blockcipher based hashing revisited. In: Dunkelman O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009).
Steinberger J.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007).
Wu H.: The hash function JH. Submission to NIST. http://www3.ntu.edu.sg/home/wuhj/research/jh/index.html (2008).
Acknowledgments
The work of J. Lee was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2013R1A1A2007488).
Additional information
Communicated by L. R. Knudsen.
Cite this article
Lee, J., Stam, M. MJH: a faster alternative to MDC-2. Des. Codes Cryptogr. 76, 179–205 (2015). https://doi.org/10.1007/s10623-014-9936-6
DOI: https://doi.org/10.1007/s10623-014-9936-6