Preimage resistance is the property of a hash function that it is hard to invert, that is, given an element in the range of a hash function, it should be computationally infeasible to find an input that maps to that element. This property corresponds to one-wayness, which is typically ...
Preimage Resistance 来自 Springer 喜欢 0 阅读量: 97 作者: B Preneel 摘要: Preimage resistance is the property of a hash function that it is hard to invert, that is, given an element in the range of a hash function, it should be computationally infeasible to find an input that maps to ...
In this paper, we introduce a new notion of security, called adaptive preimage resistance. We prove that a compression function that is collision resistant and adaptive preimage resistant can be combined with a public random function to yield a hash function that is indifierentiable from a random...
This paper evaluates the preimage resistance of the Tiger hash function. To our best knowledge, the maximum number of the attacked steps is 17 among previo... L Wang,S Yu - 《Ieice Transactions on Fundamentals of Electronics Communications & Computer Sciences》 被引量: 116发表: 2011年 Advanced...
Summary: In August 2012, the Stribog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). Stribog employs twelve rounds of an AES-based compression function operating in Miyaguchi-Preneel mode. In this paper, we investigate the preimage resistance of the...
但是实际上根据CRHF定义,如果一个函数是抗碰撞的,指的是任何多项式时间敌手,不能在多项式时间内,以不可忽略概率找到x1≠x2,且h(x1)=h(x2),这样即为collision resistant。这代表可能存在不同输入但是对应相同输出,只要无法在多项式时间内以不可忽略概率找到即可满足条件。对于h'(x),如果仅仅存在一组碰撞值...
In this paper, we focus on preimage resistance. There are many known attack methods against the hash functions. We pay our attention to the splice-and-cut meet-in-the-middle preimage attack against cryptographic hash function HAVAL-3 designed by Zheng et al. in 1992 and improve the previous...
c International Association for Cryptologic Research 2011 Meet-in-the-Middle Preimage Attacks on AES 379 Tag-based applications, such as authentication or anonymity/privacy, do not need the collision resistance [10]. Hence, building a 128-bit hash function with AES is a possible candidate. In ...
Second-preimage resistanceWe propose a new construction for Merkle authentication trees which does not require collision resistant hash functions; in contrast with previous constructions that attempted to avoid the dependency on collision resistance, our technique enjoys provable security assuming the well-...
In this paper, we study the preimage resistance of the Maelstrom-0 hash function using its proposed 3CM chaining construction. More precisely, we apply a meet-in-the-middle preimage attack on the compression function and combine it with a guess and determine approach which allows us to obtain ...