A novel permutation-based hash mode of operation FP and the hash function SAMOSA

Abstract

The contribution of the paper is two-fold. First, we design a novel permutation-based hash mode of operation FP, and analyze its security. We show that any n-bit hash function that uses the FP mode is indifferentiable from a random oracle up to 2n/2 queries (up to a constant factor), if the underlying 2n-bit permutation is free from any structural weaknesses. Based on our further analysis and experiments, we conjecture that the FP mode is resistant to all non-trivial generic attacks with work less than the brute force, mainly due to its large internal state. We compare the FP mode with other permutation-based hash modes. To put this into perspective, we propose a concrete hash function SAMOSA using the new mode and the P-permutations of the SHA-3 finalist Grøstl. Based on our analysis we claim that the SAMOSA family cannot be attacked with work significantly less than the brute force. We also provide hardware implementation (FPGA) results for SAMOSA to compare it with the SHA-3 finalists. In our implementations, SAMOSA family consistently beats Grøstl, Blake and Skein in the throughput to area ratio. With more efficient underlying permutation, it seems possible to design a hash function based on the FP mode that can achieve even higher performances. © Springer-Verlag 2012.