## CryptoDB

### Zheng Gong

#### Publications

Year
Venue
Title
2008
EPRINT
This paper reconsiders the security of the rate-1 double block length hash functions, which based on a block cipher with a block length of $n$-bit and a key length of $2n$-bit. Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose there exist uncovered flaws in the former analysis given by Satoh \textit{et al.} and Hirose. Preimage and second preimage attacks are designed to break Hirose's two examples which were left as an open problem. Some refined conditions are proposed for ensuring this general class of the rate-1 hash functions to be optimally secure against the collision attack. In particular, two typical examples, which designed under the proposed conditions, are proven to be indifferentiable from the random oracle in the ideal cipher model. The security results are extended to a new class of double block length hash functions with rate 1, where one block cipher used in the compression function has the key length is equal to the block length, while the other is doubled.
2008
EPRINT
This paper reconsiders the security of the rate-1 double block length hash functions, which based on a block cipher with a block length of $n$-bit and a key length of $2n$-bit. Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose there exist uncovered flaws in the former analysis given by Satoh \textit{et al.} and Hirose. Preimage and second preimage attacks are designed to break Hirose's two examples which were left as an open problem. Some refined conditions are proposed for ensuring this general class of the rate-1 hash functions to be optimally secure against the collision attack. In particular, two typical examples, which designed under the proposed conditions, are proven to be indifferentiable from the random oracle in the ideal cipher model. The security results are extended to a new class of double block length hash functions with rate 1, where one block cipher used in the compression function has the key length is equal to the block length, while the other is doubled.
2007
EPRINT
Nowadays, investigating what construction is better to be a cryptographic hash function is red hot. In TCC'04, Maurer et al. first introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two cryptosystems. In AsiaCrypt 06, Chang et al. analyzed the indifferentiability security of some popular block-cipher-based hash functions, such as PGV constructions and MDC-2. In this paper, we investigate Chang et al.'s analysis of PGV constructions and the PBGV double block length constructions. In particular, we point out a more precise adversarial advantage of indifferentiability, by considering the two situations that whether the hash function is either keyed or not. Furthermore, Chang et al. designed attacks on 4 PGV hash functions and PBGV hash function to prove they are differentiable from random oracle with prefix-free padding. We find a limitation in their differentiable attacks and construct our simulations to obtain the controversy results that those schemes are indifferentiable from random oracle with prefix-free padding and some other popular constructions.

Kefei Chen (3)
Xuejia Lai (3)