In this paper, we show that four domain extension modes for hash functions, pfMD, chopMD, NMAC and HMAC, have different indifferentiable security levels. Our synthetic analysis shows that the chopMD, NMAC and HMAC modes can tolerate more weaknesses in the compression function than the pfMD mode. For the pfMD mode, 12 of the 20 collision-resistant PGV hash functions are indifferentiable from a random oracle; this improves on the result of Chang et al. For the chopMD, NMAC and HMAC modes, all 20 PGV compression functions yield hash functions indifferentiable from a random oracle. The chopMD mode has a better indifferentiability security bound but a smaller output size than the pfMD, NMAC and HMAC modes, and the HMAC mode is easier to implement than NMAC. We also show that there are flaws in the indifferentiability proofs of Coron et al., Chang et al. and Gong et al. © 2012 Springer-Verlag.
Luo, Y., Lai, X., & Gong, Z. (2012). Indifferentiability of domain extension modes for hash functions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7222 LNCS, pp. 138–155). https://doi.org/10.1007/978-3-642-32298-3_10