Domain extender for collision resistant hash functions: Improving upon Merkle-Damgård iteration.

Discrete Applied Mathematics 01/2009; 157:1086-1097. DOI: 10.1016/j.dam.2008.03.038
Source: DBLP

ABSTRACT We study the problem of securely extending the domain of a collision resistant compression function. A new construction based on directed acyclic graphs is described. This generalizes the usual iterated hashing constructions. Our main contribution is to introduce a new technique for hashing arbitrary length strings. Combined with DAG based hashing, this technique gives a new hashing algorithm. The amount of padding and the number of invocations of the compression function required by the new algorithm are smaller than those of the general Merkle-Damgård algorithm. Lastly, we describe the design of a new parallel hash algorithm.

  • ABSTRACT: Suffix-free padding rules are a sufficient and necessary condition to preserve collision security for MD iterated hash functions. We provide a suffix-free length-encoding padding rule for the iterated hash construction to present an efficient new hash transform. The new padding rule requires no change in the internals of a hash function, runs as efficiently as the original, and as usual it is collision-resistance preserving. The padding rule is better than some known padding rules in terms of the padding size and the message space.
  • ABSTRACT: This paper characterizes collision preserving padding rules and provides variants of Merkle-Damgård (MD) which have less or no overhead cost due to length. We first show that the suffix-free property of a padding rule is necessary as well as sufficient to preserve the collision security of the MD hash function for an arbitrary domain {0, 1}*. Knowing this, we propose a simple suffix-free padding rule padding only log |M| bits for a message M, which is less than that of Damgård's and Sarkar's padding rules. We also prove that the length-padding is not absolutely necessary. We show that a simple variant of MD with 10^d-padding (or any injective padding) is collision resistant provided that the underlying compression function is collision resistant after chopping the last bit. Finally, we design another variant of the MD hash function preserving all three basic security notions of hash functions, namely collision and (2nd) preimage. This is an improvement over a recently designed (SAC-08) three-property preserving hash function in terms of both salt size and efficiency.
    Information Security and Privacy, 14th Australasian Conference, ACISP 2009, Brisbane, Australia, July 1-3, 2009, Proceedings; 01/2009
  • ABSTRACT: We answer the question of Reyhanitabar et al. from FSE’09 of constructing a domain extension scheme for enhanced target collision-resistant (eTCR) hash functions with sublinear key expansion. The eTCR property, introduced by Halevi and Krawczyk [1], is a natural fit for hash-and-sign signature schemes, offering an attractive alternative to collision-resistant hash functions. We prove a new composition theorem for eTCR, and demonstrate that eTCR compression functions exist if and only if one-way functions do.
    Fast Software Encryption, 17th International Workshop, FSE 2010, Seoul, Korea, February 7-10, 2010, Revised Selected Papers; 01/2010

