{"title":"超越生日界限的基于置换的散列算法","authors":"Charlotte Lefèvre, Bart Mennink","doi":"10.46586/tosc.v2024.i1.71-113","DOIUrl":null,"url":null,"abstract":"It is known that the sponge construction is tightly indifferentiable from a random oracle up to around 2c/2 queries, where c is the capacity. In particular, it cannot provide generic security better than half of the underlying permutation size. In this paper, we aim to achieve hash function security beating this barrier. We present a hashing mode based on two b-bit permutations named the double sponge. The double sponge can be seen as the sponge embedded within the double block length hashing paradigm, making two permutation calls in parallel interleaved with an efficient mixing function. Similarly to the sponge, the permutation size is split as b = r+c, and the underlying compression function absorbs r bits at a time. We prove that the double sponge is indifferentiable from a random oracle up to around 22c/3 queries. This means that the double sponge achieves security beyond the birthday bound in the capacity. In addition, if c > 3b/4, the double sponge beats the birthday bound in the primitive size, to our knowledge being the first hashing mode based on a permutation that accomplices this feature.","PeriodicalId":502677,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"67 5","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Permutation-Based Hashing Beyond the Birthday Bound\",\"authors\":\"Charlotte Lefèvre, Bart Mennink\",\"doi\":\"10.46586/tosc.v2024.i1.71-113\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"It is known that the sponge construction is tightly indifferentiable from a random oracle up to around 2c/2 queries, where c is the capacity. In particular, it cannot provide generic security better than half of the underlying permutation size. In this paper, we aim to achieve hash function security beating this barrier. We present a hashing mode based on two b-bit permutations named the double sponge. The double sponge can be seen as the sponge embedded within the double block length hashing paradigm, making two permutation calls in parallel interleaved with an efficient mixing function. Similarly to the sponge, the permutation size is split as b = r+c, and the underlying compression function absorbs r bits at a time. We prove that the double sponge is indifferentiable from a random oracle up to around 22c/3 queries. This means that the double sponge achieves security beyond the birthday bound in the capacity. In addition, if c > 3b/4, the double sponge beats the birthday bound in the primitive size, to our knowledge being the first hashing mode based on a permutation that accomplices this feature.\",\"PeriodicalId\":502677,\"journal\":{\"name\":\"IACR Transactions on Symmetric Cryptology\",\"volume\":\"67 5\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IACR Transactions on Symmetric Cryptology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.46586/tosc.v2024.i1.71-113\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Symmetric Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tosc.v2024.i1.71-113","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
众所周知,海绵结构在大约 2c/2 次查询(c 为容量)之前与随机oracle 紧密无关。特别是,它无法提供优于底层排列大小一半的通用安全性。在本文中,我们的目标是实现哈希函数的安全性,打破这一障碍。我们提出了一种基于两个 b 位排列的散列模式,命名为双海绵。双海绵散列模式可以看作是双块长度散列模式中的海绵散列,它利用高效的混合函数交错并行调用两次置换。与海绵类似,置换大小被分割为 b = r+c,底层压缩函数每次吸收 r 比特。我们证明,在大约 22c/3 查询量的情况下,双海绵与随机神谕是无关的。这意味着双海绵的安全性超过了容量的生日界限。此外,如果 c > 3b/4,双海绵在基元大小上也超过了生日界限,据我们所知,这是第一个基于排列组合的散列模式。
Permutation-Based Hashing Beyond the Birthday Bound
It is known that the sponge construction is tightly indifferentiable from a random oracle up to around 2c/2 queries, where c is the capacity. In particular, it cannot provide generic security better than half of the underlying permutation size. In this paper, we aim to achieve hash function security beating this barrier. We present a hashing mode based on two b-bit permutations named the double sponge. The double sponge can be seen as the sponge embedded within the double block length hashing paradigm, making two permutation calls in parallel interleaved with an efficient mixing function. Similarly to the sponge, the permutation size is split as b = r+c, and the underlying compression function absorbs r bits at a time. We prove that the double sponge is indifferentiable from a random oracle up to around 22c/3 queries. This means that the double sponge achieves security beyond the birthday bound in the capacity. In addition, if c > 3b/4, the double sponge beats the birthday bound in the primitive size, to our knowledge being the first hashing mode based on a permutation that accomplices this feature.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
