Indifferentiability of double-block-length hash function without feed-forward operations

Abstract

Designing a cryptographic scheme with minimal components is a main theme in cryptographic research. Regarding double-block-length (DBL) hashing, feed-forward operations are used to avoid attacks from the blockcipher’s decryption function, whereas Özen and Stam showed that by using an iterated structure the feed-forward operations can be eliminated. Precisely, DBL iterated hash functions are collision resistant up to about 2n query complexity when a blockcipher with n-bit blocks is used. Regarding the security of hash functions, pseudorandom-oracle (PRO) security, which is a stronger security notion than collision resistance, is an important security criterion of hash functions. Though several DBL hash functions with PRO security have been proposed, these use feed-forward operations. Note that Özen-Stam’s hash functions are not secure PROs due to the length-extension attack. Hence, it remains an open problem to design a PRO-secure DBL hash function without feed-forward operations. In this paper, we show that the feed-forward operations in the PRO-secure DBL hash function can be eliminated, that is, the simplified scheme is a secure PRO up to about 2n query complexity. To our knowledge, this is the first time PRO-secure DBL hash function without feed-forward operations.