Two-permutation-based hashing with binary mixing
We consider the generic design of compression functions based on two n-bit permutations and XOR-based mixing functions. It is known that any such function mapping n+α${n+\alpha }$ to α bits, with 1≤α≤n${1\le \alpha \le n}$, can achieve at most min{2α/2,2n/2-α/4}${\min \lbrace 2^{\alpha /2},2^{n/2-\a...
Saved in:
| Published in: | Journal of mathematical cryptology Vol. 9; no. 3; pp. 139 - 150 |
|---|---|
| Main Authors: | , , , |
| Format: | Journal Article |
| Language: | English |
| Published: |
De Gruyter
01-10-2015
|
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | We consider the generic design of compression functions based on two n-bit permutations and XOR-based mixing functions. It is known that any such function mapping n+α${n+\alpha }$ to α bits, with 1≤α≤n${1\le \alpha \le n}$, can achieve at most min{2α/2,2n/2-α/4}${\min \lbrace 2^{\alpha /2},2^{n/2-\alpha /4}\rbrace }$ collision security. Using techniques similar to Mennink and Preneel [CRYPTO 2012, Lecture Notes in Comput. Sci. 7417, Springer, Heidelberg (2012), 330–347], we show that there is only one equivalence class of these functions achieving optimal collision security, and additionally min{2α,2n/2}${\min \lbrace 2^{\alpha },2^{n/2}\rbrace }$ preimage security. The equivalence class compares well with existing functions based on two or three permutations, and is well-suited for wide-pipe hashing. |
|---|---|
| ISSN: | 1862-2976 1862-2984 |
| DOI: | 10.1515/jmc-2015-0015 |