A simple variant of the merkle-damgård scheme with a permutation

Shoichi Hirose, Je Hong Park, Aaram Yun

Research output: Contribution to journalReview articlepeer-review

7 Scopus citations


We propose a new composition scheme for hash functions. It is a variant of the Merkle-Damgård construction with a permutation applied right before the processing of the last message block. We analyze the security of this scheme using the indifferentiability formalism, which was first adopted by Coron et al. to the analysis of hash functions. We also study the security of simple MAC constructions out of this scheme. Finally, we discuss the random oracle indifferentiability of this scheme with a double-block-length compression function or the Davies-Meyer compression function composed of a block cipher.

Original languageEnglish
Pages (from-to)271-309
Number of pages39
JournalJournal of Cryptology
Issue number2
StatePublished - Apr 2012


  • Hash function
  • Ideal cipher
  • Indifferentiability
  • MAC
  • Merkle-Damgård construction
  • Pseudorandom function
  • Random oracle


Dive into the research topics of 'A simple variant of the merkle-damgård scheme with a permutation'. Together they form a unique fingerprint.

Cite this