2008 Volume E91.A Issue 1 Pages 74-82
In this article, we discuss the security of double-block-length (DBL) hash functions against the free-start collision attack. We focus on the DBL hash functions composed of compression functions of the form F(x)=(f(x),f(p(x))), where f is a smaller compression function and p is a permutation. We first show, in the random oracle model, that a significantly good upper bound can be obtained on the success probability of the free-start collision attack with sufficient conditions on p and the set of initial values. We also show that a similar upper bound can be obtained in the ideal cipher model if f is composed of a block cipher.