Impossibility of construction of OWHF and UOWHF from PGV model based on block cipher secure against ACPCA

Abstract

In 1993, Preneel, Govaerts and Vandewalle [11] considered 64 block cipher based hash functions (64 PGV-hash functions). In 2002, Black, Rogaway and Shrimpton [3] proved that 20 of 64 PGV-hash functions are collision resistant, assumed that a block cipher is a random block cipher. In 2002, Hirose [4] defined ACPA(Adaptive Chosen Plaintext Attack) model and ACPCA(Adaptive Chosen Plaintext/Ciphertext Attack) model and he showed that, for every PGV-hash function, there exist block ciphers secure against ACPA such that the PGV-hash function based on them is not a OWHF which has the properties of preimage resistance and second-preimage resistance. Recently, Lee et al. [6] generalized the definition of PGV-hash function into a hash family and showed that 42 of 64 PGV-hash families are collision resistant. In this paper, we show that, for every PGV-hash function, there exist block ciphers secure against ACPCA such that the PGV-hash family based on them is not a OWHF. We also show that, for every PGV-hash family, there exist block ciphers secure against ACPCA such that the PGV-hash family based on them is not a UOWHF. © Springer-Verlag 2004.