2012 | OriginalPaper | Buchkapitel
Collisions Are Not Incidental: A Compression Function Exploiting Discrete Geometry
verfasst von : Dimitar Jetchev, Onur Özen, Martijn Stam
Erschienen in: Theory of Cryptography
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
We present a new construction of a compression function
$\ensuremath{{\if!! {{H}} \else{{H}_{}}\fi}} \colon \ensuremath{\{0,1\}}^{3\ensuremath{n} } \rightarrow \ensuremath{\{0,1\}}^{2\ensuremath{n} }$
that uses two parallel calls to an ideal primitive (an ideal blockcipher or a public random function) from
${2\ensuremath{n} }$
to
${\ensuremath{n} }$
bits. This is similar to the well-known MDC-2 or the recently proposed MJH by Lee and Stam (CT-RSA’11). However, unlike these constructions, we show already in the compression function that an adversary limited (asymptotically in
n
) to
$\mathcal{O}(2^{2\ensuremath{n} (1-\delta)/3})$
queries (for any
δ
> 0) has disappearing advantage to find collisions. A key component of our construction is the use of the Szemerédi–Trotter theorem over finite fields to bound the number of full compression function evaluations an adversary can make, in terms of the number of queries to the underlying primitives. Moveover, for the security proof we rely on a new abstraction that refines and strenghtens existing techniques. We believe that this framework elucidates existing proofs and we consider it of independent interest.