Skip to main content
Conference ProceedingsOPEN ACCESS

The collision intractability of MDC-2 in the ideal-cipher model

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2007) 4515 LNCS 34-51
DOI: 10.1007/978-3-540-72540-4_3
52Citations
Citations of this article
29Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We provide the first proof of security for MDC-2, the most well-known construction for turning an n-bit blockcipher into a 2n-bit cryptographic hash function. Our result, which is in the ideal-cipher model, shows that MDC-2, when built from a blockcipher having block-length and keylength n, has security much better than that delivered by any hash function that has an n-bit output. When the blocklength and keylength are n = 128 bits, as with MDC-2 based on AES-128, an adversary that asks fewer than 274.9 queries usually cannot find a collision. © International Association for Cryptology Research 2007.

Author supplied keywords

Cite

CITATION STYLE

APA

Steinberger, J. P. (2007). The collision intractability of MDC-2 in the ideal-cipher model. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4515 LNCS, pp. 34–51). Springer Verlag. https://doi.org/10.1007/978-3-540-72540-4_3

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free