Abstract
We propose a new composition scheme for hash functions. It is a variant of the Merkle-Damgård construction with a permutation applied right before the processing of the last message block. We analyze the security of this scheme using the indifferentiability formalism, which was first adopted by Coron et al. to the analysis of hash functions. We also study the security of simple MAC constructions out of this scheme. Finally, we discuss the random oracle indifferentiability of this scheme with a double-block-length compression function or the Davies-Meyer compression function composed of a block cipher.
Original language | English |
---|---|
Pages (from-to) | 271-309 |
Number of pages | 39 |
Journal | Journal of Cryptology |
Volume | 25 |
Issue number | 2 |
DOIs | |
State | Published - Apr 2012 |
Keywords
- Hash function
- Ideal cipher
- Indifferentiability
- MAC
- Merkle-Damgård construction
- Pseudorandom function
- Random oracle