The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Shoichi HIROSE, Hidenori KUWAKADO, "Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function" in IEICE TRANSACTIONS on Fundamentals, vol. E92-A, no. 10, pp. 2447-2453, October 2009, doi: 10.1587/transfun.E92.A.2447.
Abstract: This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function using a block cipher. The iterated hash function uses the Matyas-Meyer-Oseas (MMO) mode for the compression function and the Merkle-Damgård with a permutation (MDP) for the domain extension transform. It is shown that the keyed-via-IV mode and the key-prefix mode of the iterated hash function are pseudorandom functions if the underlying block cipher is a pseudorandom permutation under a related-key attack with respect to the permutation used in MDP. More precisely, the key-prefix mode also requires that E_IV(K) ⊕ K is pseudorandom, where E is the underlying block cipher, IV is the fixed initial value of the hash function, and K is a secret key. It is also confirmed that the MMO compression function is the best choice with MDP among the block-cipher-based compression functions in the Preneel-Govaerts-Vandewalle model in terms of provable security.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.2447/_p
@ARTICLE{e92-a_10_2447,
author={Shoichi HIROSE and Hidenori KUWAKADO},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function},
year={2009},
volume={E92-A},
number={10},
pages={2447-2453},
abstract={This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function using a block cipher. The iterated hash function uses the Matyas-Meyer-Oseas (MMO) mode for the compression function and the Merkle-Damgård with a permutation (MDP) for the domain extension transform. It is shown that the keyed-via-IV mode and the key-prefix mode of the iterated hash function are pseudorandom functions if the underlying block cipher is a pseudorandom permutation under a related-key attack with respect to the permutation used in MDP. More precisely, the key-prefix mode also requires that E_IV(K) ⊕ K is pseudorandom, where E is the underlying block cipher, IV is the fixed initial value of the hash function, and K is a secret key. It is also confirmed that the MMO compression function is the best choice with MDP among the block-cipher-based compression functions in the Preneel-Govaerts-Vandewalle model in terms of provable security.},
keywords={},
doi={10.1587/transfun.E92.A.2447},
ISSN={1745-1337},
month={October}
}
TY - JOUR
TI - Efficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2447
EP - 2453
AU - Shoichi HIROSE
AU - Hidenori KUWAKADO
PY - 2009
DO - 10.1587/transfun.E92.A.2447
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 10
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - October 2009
AB - This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function using a block cipher. The iterated hash function uses the Matyas-Meyer-Oseas (MMO) mode for the compression function and the Merkle-Damgård with a permutation (MDP) for the domain extension transform. It is shown that the keyed-via-IV mode and the key-prefix mode of the iterated hash function are pseudorandom functions if the underlying block cipher is a pseudorandom permutation under a related-key attack with respect to the permutation used in MDP. More precisely, the key-prefix mode also requires that E_IV(K) ⊕ K is pseudorandom, where E is the underlying block cipher, IV is the fixed initial value of the hash function, and K is a secret key. It is also confirmed that the MMO compression function is the best choice with MDP among the block-cipher-based compression functions in the Preneel-Govaerts-Vandewalle model in terms of provable security.
ER -