We provide the first proof of security for MDC-2, the most well-known construction for turning an n-bit blockcipher into a 2n-bit cryptographic hash function. Our result, which is in the ideal-cipher model, shows that MDC-2, when built from a blockcipher having block-length and keylength n, has security much better than that delivered by any hash function that has an n-bit output. When the blocklength and keylength are n = 128 bits, as with MDC-2 based on AES-128, an adversary that asks fewer than 274.9 queries usually cannot find a collision. © International Association for Cryptology Research 2007.
CITATION STYLE
Steinberger, J. P. (2007). The collision intractability of MDC-2 in the ideal-cipher model. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4515 LNCS, pp. 34–51). Springer Verlag. https://doi.org/10.1007/978-3-540-72540-4_3
Mendeley helps you to discover research relevant for your work.