Presentation 2008-07-25
Hash Function Using MMO Compression Function and MDP Domain Extension
Shoichi HIROSE, Hidenori KUWAKADO,
Abstract(in Japanese) (See Japanese page)
Abstract(in English) This article discusses the provable security of a hash function using a block cipher. It assumes the construction using the Matyas-Meyer-Oseas (MMO) scheme for the compression function and the Merkle-Damgard with a permutation (MDP) for the domain extension transform. It is shown that this kind of hash function, MDP-MMO, is indifferentiable from the variable-input-length random oracle in the ideal cipher model. It is also shown that HMAC using MDP-MMO is a pseudorandom function if the underlying block cipher is a pseudorandom permutation under the related-key attack with respect to a permutation used in MDP. Actually, the latter result also assumes that the following function is a pseudorandom bit generator: (E_IV(K ⊕ opad) ⊕ K ⊕ opad)‖(E_IV(K ⊕ ipad) ⊕ K ⊕ ipad), where E is the underlying block cipher, IV is the fixed initial value of MDP-MMO, and opad and ipad are the binary strings used in HMAC. This assumption still seems reasonable for actual block ciphers, though it cannot be implied by the pseudorandomness of E as a block cipher. The results of this article imply that the security of a hash function may be reduced to the security of the underlying block cipher to a greater extent with the MMO compression function than with the Davies-Meyer (DM) compression function, though the DM scheme is implicitly used by widely used hash functions such as SHA-1 and MD5.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Hash function / Matyas-Meyer-Oseas / Indifferentiability / Ideal cipher model / HMAC / Related-key attack
Paper # ISEC2008-47

Conference Information
Committee ISEC
Conference Date 2008/7/17(1days)
Place (in Japanese) (See Japanese page)
Topics (in Japanese) (See Japanese page)

Paper Information
Registration To Information Security (ISEC)
Language ENG
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Hash Function Using MMO Compression Function and MDP Domain Extension
Keyword(1) Hash function
Keyword(2) Matyas-Meyer-Oseas
Keyword(3) Indifferentiability
Keyword(4) Ideal cipher model
Keyword(5) HMAC
Keyword(6) Related-key attack
1st Author's Name Shoichi HIROSE
1st Author's Affiliation Graduate School of Engineering, University of Fukui
2nd Author's Name Hidenori KUWAKADO
2nd Author's Affiliation Graduate School of Engineering, Kobe University
Date 2008-07-25
Paper # ISEC2008-47
Volume (vol) vol.108
Number (no) 162
Page pp.pp.-
#Pages 8