Skip to main content
Erschienen in: International Journal of Information Security 4/2014

01.08.2014 | Regular Contribution

Sufficient conditions for sound tree and sequential hashing modes

verfasst von: Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche

Erschienen in: International Journal of Information Security | Ausgabe 4/2014

Einloggen

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Hash functions are usually composed of a mode of operation on top of a concrete primitive with fixed input-length and fixed output-length, such as a block cipher or a permutation. In practice, the mode is often sequential, although parallel (or tree) hashing modes are also possible. The former requires less memory, while the latter has several advantages such as its inherent parallelism and a lower cost of hash value recomputation when only a small part of the input changes. In this paper, we consider the general case of (tree or sequential) hashing modes that make use of an underlying hash function, which may in turn be sequential. We formulate a set of three simple conditions for such a (tree or sequential) hashing mode to be sound. By sound, we mean that the advantage in differentiating a hash function obtained by applying a tree hashing mode to an ideal underlying hash function from an ideal monolithic hash function is upper bounded by \(q^2/2^{n+1}\) with \(q\) the number of queries to the underlying hash function and \(n\) the length of the chaining values. We provide a proof of soundness in the indifferentiability framework. The conditions we formulate are easy to implement and to verify and can be used by the practitioner to build a tree hashing mode on top of an existing hash function. We show how to apply tree hashing modes to sequential hash functions in an optimal way, demonstrate the applicability of our conditions with two efficient and simple tree hashing modes and provide a simple method to take the union of tree hashing modes that preserves soundness. It turns out that sequential hashing modes using a compression function (i.e., a hash function with fixed input-length) can be considered as particular cases and, as a by-product, our results also apply to them. We discuss the different techniques for satisfying the three conditions, thereby shedding a new light on several published modes.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Anhänge
Nur mit Berechtigung zugänglich
Literatur
1.
2.
Zurück zum Zitat Bagheri, N., Gauravaram, P., Knudsen, L.R., Zenner, E.: The suffix-free-prefix-free hash function construction and its indifferentiability security analysis. Int. J. Inf. Secur. 11(6), 419–434 (2012)CrossRef Bagheri, N., Gauravaram, P., Knudsen, L.R., Zenner, E.: The suffix-free-prefix-free hash function construction and its indifferentiability security analysis. Int. J. Inf. Secur. 11(6), 419–434 (2012)CrossRef
3.
Zurück zum Zitat Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) Advances in Cryptology—Crypto ’96, LNCS, no. 1109, pp. 1–15. Springer (1996) Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) Advances in Cryptology—Crypto ’96, LNCS, no. 1109, pp. 1–15. Springer (1996)
4.
Zurück zum Zitat Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X. and Chen, K. (eds.) Advances in Cryptology—Asiacrypt 2006, LNCS, no. 4284, pp. 299–314. Springer (2006) Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X. and Chen, K. (eds.) Advances in Cryptology—Asiacrypt 2006, LNCS, no. 4284, pp. 299–314. Springer (2006)
5.
Zurück zum Zitat Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM (ed.) ACM Conference on Computer and Communications Security 1993, pp. 62–73 (1993) Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM (ed.) ACM Conference on Computer and Communications Security 1993, pp. 62–73 (1993)
7.
Zurück zum Zitat Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (eds.) Advances in Cryptology—Eurocrypt 2008. Lecture Notes in Computer Science, vol. 4965, pp. 181–197. Springer (2008) http://sponge.noekeon.org/ Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (eds.) Advances in Cryptology—Eurocrypt 2008. Lecture Notes in Computer Science, vol. 4965, pp. 181–197. Springer (2008) http://​sponge.​noekeon.​org/​
8.
10.
Zurück zum Zitat Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sufficient conditions for sound tree hashing modes. In: Handschuh, H., Lucks, S., Preneel, B., Rogaway, P. (eds.) Symmetric Cryptography (Dagstuhl, Germany), Dagstuhl Seminar Proceedings, no. 09031, Schloss Dagstuhl—Leibniz-Zentrum fuer Informatik, Germany (2009) Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sufficient conditions for sound tree hashing modes. In: Handschuh, H., Lucks, S., Preneel, B., Rogaway, P. (eds.) Symmetric Cryptography (Dagstuhl, Germany), Dagstuhl Seminar Proceedings, no. 09031, Schloss Dagstuhl—Leibniz-Zentrum fuer Informatik, Germany (2009)
12.
Zurück zum Zitat Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function, In: Nyberg, K. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 5086, Springer, pp. 429–443 (2008) Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function, In: Nyberg, K. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 5086, Springer, pp. 429–443 (2008)
14.
Zurück zum Zitat Coron, J., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) Advances in Cryptology—Crypto 2005, LNCS, no. 3621, pp. 430–448. Springer (2005) Coron, J., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) Advances in Cryptology—Crypto 2005, LNCS, no. 3621, pp. 430–448. Springer (2005)
15.
Zurück zum Zitat Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) Advances in Cryptology—Crypto ’89, LNCS, no. 435, pp. 416–427. Springer (1989) Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) Advances in Cryptology—Crypto ’89, LNCS, no. 435, pp. 416–427. Springer (1989)
16.
Zurück zum Zitat Dodis, Y., Reyzin, L., Rivest, R., Shen, E.: Indifferentiability of permutation-based compression functions and tree-based modes of operation, with applications to MD6. In: O. Dunkelman, (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 5665, pp. 104–121. Springer (2009) Dodis, Y., Reyzin, L., Rivest, R., Shen, E.: Indifferentiability of permutation-based compression functions and tree-based modes of operation, with applications to MD6. In: O. Dunkelman, (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 5665, pp. 104–121. Springer (2009)
17.
Zurück zum Zitat Hirose, S., Park, J., Yun, A.: A simple variant of the Merkle-Damgård scheme with a permutation. Asiacrypt, pp. 113–129 (2007) Hirose, S., Park, J., Yun, A.: A simple variant of the Merkle-Damgård scheme with a permutation. Asiacrypt, pp. 113–129 (2007)
18.
Zurück zum Zitat Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) Theory of Cryptography—TCC 2004. Lecture Notes in Computer Science, no. 2951, pp. 21–39. Springer (2004) Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) Theory of Cryptography—TCC 2004. Lecture Notes in Computer Science, no. 2951, pp. 21–39. Springer (2004)
19.
Zurück zum Zitat Merkle, R.C.: Secrecy, authentication, and public key systems, PhD thesis. UMI Research Press (1982) Merkle, R.C.: Secrecy, authentication, and public key systems, PhD thesis. UMI Research Press (1982)
21.
Zurück zum Zitat NIST, Federal information processing standard 180–2, secure hash standard. August 2002 NIST, Federal information processing standard 180–2, secure hash standard. August 2002
22.
Zurück zum Zitat Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: Limitations of the indifferentiability framework. In: Paterson, K.G. (ed.) Eurocrypt 2011. Lecture Notes in Computer Science, vol. 6632, pp. 487–506. Springer (2011) Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: Limitations of the indifferentiability framework. In: Paterson, K.G. (ed.) Eurocrypt 2011. Lecture Notes in Computer Science, vol. 6632, pp. 487–506. Springer (2011)
23.
Zurück zum Zitat Rivest, R., Agre, B., Bailey, D.V., Cheng, S., Crutchfield, C., Dodis, Y., Fleming, K.E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y.L.: The MD6 hash function—a proposal to NIST for SHA-3. Submission to NIST, (2008) http://groups.csail.mit.edu/cis/md6/ Rivest, R., Agre, B., Bailey, D.V., Cheng, S., Crutchfield, C., Dodis, Y., Fleming, K.E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y.L.: The MD6 hash function—a proposal to NIST for SHA-3. Submission to NIST, (2008) http://​groups.​csail.​mit.​edu/​cis/​md6/​
24.
Metadaten
Titel
Sufficient conditions for sound tree and sequential hashing modes
verfasst von
Guido Bertoni
Joan Daemen
Michaël Peeters
Gilles Van Assche
Publikationsdatum
01.08.2014
Verlag
Springer Berlin Heidelberg
Erschienen in
International Journal of Information Security / Ausgabe 4/2014
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-013-0220-y

Weitere Artikel der Ausgabe 4/2014

International Journal of Information Security 4/2014 Zur Ausgabe