Open AccessIndifferentiable hash functions in the standard model
Author(s) -
Partala Juha
Publication year - 2021
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/ise2.12025
Subject(s) - hash function , random oracle , collision resistance , sha 2 , iterated function , oracle , swifft , extension (predicate logic) , computer science , standard model (mathematical formulation) , function (biology) , mathematics , algorithm , double hashing , hash chain , cryptographic hash function , computer security , encryption , mathematical analysis , public key cryptography , archaeology , gauge (firearms) , evolutionary biology , biology , programming language , history , software engineering
Indifferentiability of iterated hash functions is seen as evidence that there are no structural flaws in the iteration structure of the algorithm. However, it is often overlooked that such considerations only hold in the random oracle model and do not give any guarantee in the standard model. In this article, we show the following separation result: there is a hash function that is indifferentiable from a random oracle, but is totally insecure in the standard model. In particular, we show that it does not satisfy collision or multicollision‐resistance, second preimage‐resistance or preimage‐resistance for any family of compression functions. Therefore, at least in theory, hash function indifferentiability does not guarantee the structural integrity of the hash algorithm in the standard model. Results in the random oracle model are not affected.