Skip to content
Journal article

Fast Software Encryption

Rogaway P, Shrimpton T ...see all

FSE 2004: Fast Software Encryption, vol. 3017, issue Fse 2004 (2004) pp. 371-388

  • 75


    Mendeley users who have this article in their library.
  • N/A


    Citations of this article.
  • N/A


    ScienceDirect users who have downloaded this article.
Sign in to save reference


We consider basic notions of security for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance. We give seven different definitions that correspond to these three underlying ideas, and then we work out all of the implications and separations among these seven definitions within the concrete-security, provable-security framework. Because our results are concrete, we can show two types of implications, conventional and provisional, where the strength of the latter depends on the amount of compression achieved by the hash function. We also distinguish two types of separations, conditional and unconditional. When constructing counterexamples for our separations, we are careful to preserve specified hash-function domains and ranges; this rules out some pathological counterexamples and makes the separations more meaningful in practice. Four of our definitions are standard while three appear to be new; some of our relations and separations have appeared, others have not. Here we give a modern treatment that acts to catalog, in one place and with carefully-considered nomenclature, the most basic security notions for cryptographic hash functions.

Author-supplied keywords

  • collision resistance
  • cryptographic hash functions
  • preimage resistance
  • provable security
  • second-preimage resistance

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in


  • Phillip Rogaway

  • Thomas Shrimpton

Cite this document

Choose a citation style from the tabs below