Security Properties of Domain Extenders for Cryptographic Hash Functions

Elena Andreeva, Bart Mennink and Bart Preneel
Volume: 6, No: 4, Page: 453 ~ 480, Year: 2010
10.3745/JIPS.2010.6.4.453
Keywords: Hash Functions, Domain Extenders, Security Properties
Full Text:

Abstract
Cryptographic hash functions reduce inputs of arbitrary or very large length to a short string of fixed length. All hash function designs start from a compression function with fixed length inputs. The compression function itself is designed from scratch, or derived from a block cipher or a permutation. The most common procedure to extend the domain of a compression function in order to obtain a hash function is a simple linear iteration; however, some variants use multiple iterations or a tree structure that allows for parallelism. This paper presents a survey of 17 extenders in the literature. It considers the natural question whether these preserve the security properties of the compression function, and more in particular collision resistance, second preimage resistance, preimage resistance and the pseudo-random oracle property.

Article Statistics
Multiple requests among the same broswer session are counted as one view (or download).
If you mouse over a chart, a box will show the data point's value.


Cite this article
IEEE Style
Elena Andreeva, Bart Mennink and Bart Preneel , "Security Properties of Domain Extenders for Cryptographic Hash Functions," Journal of Information Processing Systems, vol. 6, no. 4, pp. 453~480, 2010. DOI: 10.3745/JIPS.2010.6.4.453 .

ACM Style
Elena Andreeva, Bart Mennink and Bart Preneel , "Security Properties of Domain Extenders for Cryptographic Hash Functions," Journal of Information Processing Systems, 6, 4, (2010), 453~480. DOI: 10.3745/JIPS.2010.6.4.453 .