Nearly all modern hash functions are constructed by iterating a compression function. At FSE'04, Rogaway and Shrimpton [28] formalized seven security notions for hash functions: collision resistance (Coll) and three variants of second-preimage resistance (Sec, aSec, eSec) and preimage resistance (Pre, aPre, ePre). The main contribution of this paper is in determining, by proof or counterexample, which of these seven notions is preserved by each of eleven existing iterations. Our study points out that none of them preserves more than three notions from [28]. As a second contribution, we propose the new Random-Oracle XOR (ROX) iteration that is the first to provably preserve all seven notions, but that, quite controversially, uses a random oracle in the iteration. The compression function itself is not modeled as a random oracle though. Rather, ROX uses an auxiliary small-input random oracle (typically 170 bits) that is called only a logarithmic number of times. © International Association for Cryptology Research 2007.
CITATION STYLE
Andreeva, E., Neven, G., Preneel, B., & Shrimpton, T. (2007). Seven-property-preserving iterated hashing: ROX. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4833 LNCS, pp. 130–146). Springer Verlag. https://doi.org/10.1007/978-3-540-76900-2_8
Mendeley helps you to discover research relevant for your work.