
Practical Hash Functions Constructions Resistant to Generic Second Preimage Attacks Beyond the Birthday Bound

By Charles Bouillaguet and Pierre-Alain Fouque


Most cryptographic hash functions rely on a simpler primitive called a compression function, and in nearly all cases, there is a reduction between some of the security properties of the full hash function and those of the compression function. For instance, a celebrated result of Merkle and Damgård from 1989 states that a collision on the hash function cannot be found without finding a collision on the compression function at the same time. This is however not the case for another basic requirement, namely second preimage resistance. In fact, on many popular hash functions it is possible to find a second preimage on the iteration without breaking the compression function. This paper studies the resistance of two practical modes of operations of hash functions against such attacks. We prove that the known generic second preimage attacks against the Merkle-Damgård construction are optimal, and that there is no generic second preimage attack faster than exhaustive search on Haifa, a recent proposal by Biham and Dunkelman.

Keywords: hash functions, modes of operation, second preimage attacks, provable security

Year: 2010
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX