[Resource Topic] 2015/973: Some Cryptanalytic Results on Zipper Hash and Concatenated Hash

Welcome to the resource topic for 2015/973

Title:
Some Cryptanalytic Results on Zipper Hash and Concatenated Hash

Authors: Ashwin Jha, Mridul Nandi

Abstract:

At SAC 2006, Liskov proposed the zipper hash, a technique for constructing secure (indifferentiable from random oracles) hash functions based on weak (invertible) compression functions. Zipper hash is a two pass scheme, which makes it unfit for practical consideration. But, from the theoretical point of view it seemed to be secure, as it had resisted standard attacks for long. Recently, Andreeva {\em et al.} gave a forced-suffix herding attack on the zipper hash, and Chen and Jin showed a second preimage attack provided f_1 is strong invertible. In this paper, we analyse the construction under the random oracle model as well as when the underlying compression functions have some weakness. We show (second) preimage, and herding attacks on an n-bit zipper hash and its relaxed variant with f_1 = f_2, all of which require less than 2^{n} online computations. Hoch and Shamir have shown that the concatenated hash offers only \frac{n}{2}-bits security when both the underlying compression functions are strong invertible. We show that the bound is tight even when only one of the underlying compression functions is strong invertible.

ePrint: https://eprint.iacr.org/2015/973

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .