Salvaging Merkle-Damgård for practical applications

Y Dodis, T Ristenpart, T Shrimpton - … on the Theory and Applications of …, 2009 - Springer
Many cryptographic applications of hash functions are analyzed in the random oracle model.
Unfortunately, most concrete hash functions, including the SHA family, use the iterative …

Cryptographic hash functions: Recent design trends and security notions

S Al-Kuwari, JH Davenport, RJ Bradford - Cryptology ePrint Archive, 2011 - eprint.iacr.org
Recent years have witnessed an exceptional research interest in cryptographic hash
functions, especially after the popular attacks against MD5 and SHA-1 in 2005. In 2007, the …

10-round Feistel is indifferentiable from an ideal cipher

D Dachman-Soled, J Katz… - Advances in Cryptology …, 2016 - Springer
We revisit the question of constructing an ideal cipher from a random oracle. Coron et
al. (Journal of Cryptology, 2014) proved that a 14-round Feistel network using random …

Indifferentiability of truncated random permutations

W Choi, BH Lee, J Lee - International Conference on the Theory and …, 2019 - Springer
One of natural ways of constructing a pseudorandom function from a pseudorandom
permutation is to simply truncate the output of the permutation. When n is the permutation …

A note on the chi-square method: A tool for proving cryptographic security

S Bhattacharya, M Nandi - Cryptography and Communications, 2018 - Springer
Very recently (in CRYPTO 2017) Dai, Hoang, and Tessaro have introduced the Chi-square
method (χ² method) which can be applied to obtain an upper bound on the statistical …

A synthetic indifferentiability analysis of interleaved double-key Even-Mansour ciphers

C Guo, D Lin - International Conference on the Theory and …, 2015 - Springer
Iterated Even-Mansour scheme (IEM) is a generalization of the basic 1-round
proposal (ASIACRYPT'91). The scheme can use one key, two keys, or completely …

Random oracle reducibility

P Baecher, M Fischlin - Advances in Cryptology–CRYPTO 2011: 31st …, 2011 - Springer
We discuss a reduction notion relating the random oracles in two cryptographic schemes A
and B. Basically, the random oracle of scheme B reduces to the one of scheme A if any hash …

Separating invertible key derivations from non-invertible ones: sequential indifferentiability of 3-round Even–Mansour

C Guo, D Lin - Designs, Codes and Cryptography, 2016 - Springer
Iterated Even–Mansour (IEM) scheme consists of a small number r of fixed n-bit
permutations separated by r + 1 round-key additions. When the permutations are public …

Sequential indifferentiability of confusion-diffusion networks

Q Da, S Xu, C Guo - International Conference on Cryptology in India, 2021 - Springer
A large proportion of modern symmetric cryptographic building blocks are designed using
the Substitution-Permutation Networks (SPNs), or more generally, Shannon's confusion …

How to confirm cryptosystems security: the original Merkle-Damgård is still alive!

Y Naito, K Yoneyama, L Wang, K Ohta - … on the Theory and Application of …, 2009 - Springer
At Crypto 2005, Coron et al. showed that Merkle-Damgård hash function (MDHF)
with a fixed input length random oracle is not indifferentiable from a random oracle RO due …