Abstract Search

Submission No.: 0560
Section: Invited Talk
Session: Combinatorics / Graph Theory / Cryptography / Coding Theory (SS-05)
Title (Eng.): Indifferentiability and Merkle-Damgård construction
Author(s): Aaram Yun (1)
(1) UNIST, Korea
Abstract: The Merkle-Damgård construction is a very popular design paradigm for hash functions, which serially combines the outputs of compression functions. While it was used in many important hash functions like MD5 and SHA1, it satisfies the \emph{extension property}, where one may compute $H(M_1\|M_2)$, given $M_2$, $H(M_1)$, and the length of $M_1$. While it may not be a fatal flaw by itself, it necessitates more care when such a hash function is applied to other cryptographic functions like authentication. We show that by applying a permutation with few fixed points right before the operation of the last compression function, we may remove the extension property, and this would, for example, lead to a more efficient hash-based MAC construction than HMAC. We show the security of this scheme using the indifferentiability framework.
MSC number(s): 94A60
Keyword(s): hash function, indifferentiability, Merkle-Damgård, permutation, compression function
Language of Session (Talk): English
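
The extension property described in the abstract, and one reading of the proposed fix, shown on a toy Merkle-Damgård hash. This is an added example, not code from the talk or its author: the compression function `f`, the XOR permutation `pi` (which has no fixed points), the padding rule and all sample values are assumptions made for this sketch. With length padding, the extended message is $M_1$, then the padding of $M_1$, then $M_2$.

```python
import hashlib
import struct

BLOCK = 64                    # block size in bytes
IV = bytes(32)                # fixed initial chaining value (assumption)
MASK = bytes([0xA5]) * 32     # constant for the assumed permutation

def f(h, block):
    """Toy compression function (assumption): SHA-256 over chaining value || block."""
    return hashlib.sha256(h + block).digest()

def pad(n):
    """Length padding for an n-byte message: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((-n - 9) % BLOCK) + struct.pack(">Q", 8 * n)

def pi(h):
    """Assumed permutation: XOR with a non-zero constant, so it has no fixed points."""
    return bytes(a ^ b for a, b in zip(h, MASK))

def md(msg, h=IV, prior=0, permute=False):
    """Hash msg, optionally resuming from chaining value h after `prior` bytes.
    With permute=True, pi is applied just before the last compression call."""
    data = msg + pad(prior + len(msg))
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    for i, block in enumerate(blocks):
        if permute and i == len(blocks) - 1:
            h = pi(h)
        h = f(h, block)
    return h

def extend(digest, len_m1, m2, permute=False):
    """Candidate hash of M1 || pad(M1) || M2 computed from H(M1) and |M1| only."""
    glue = pad(len_m1)
    return glue, md(m2, h=digest, prior=len_m1 + len(glue), permute=permute)

def demo():
    """Return {permute: whether the candidate matches the real hash}."""
    m1 = b"k" * 16 + b"message"          # constructed: secret prefix || message
    m2 = b"suffix"                       # constructed extension
    results = {}
    for permute in (False, True):
        tag = md(m1, permute=permute)
        glue, guess = extend(tag, len(m1), m2, permute)
        results[permute] = guess == md(m1 + glue + m2, permute=permute)
    return results

if __name__ == "__main__":
    print(demo())
```

In the plain construction the digest is exactly the chaining value needed to keep hashing, which is why a secret-prefix MAC built on it needs the extra care the abstract mentions; in the permuted variant the digest no longer equals that intermediate state, so resuming from it does not reproduce the real hash.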