On hashing with tweakable ciphers
conference contributionposted on 2009-12-16, 15:05 authored by Raphael C.-W. Phan, Jean-Philippe Aumasson
Cryptographic hash functions are often built on block ciphers in order to reduce the security analysis of the hash to that of the cipher, and to minimize the hardware size. Well known hash constructs are used in international standards like MD5 and SHA-1. Recently, researchers proposed new modes of operations for hash functions to protect against generic attacks, and it remains open how to base such functions on block ciphers. An attracting and intuitive choice is to combine previous constructions with tweakable block ciphers. We investigate such constructions, and show the surprising result that combining a provably secure mode of operation with a provably secure tweakable cipher does not guarantee the security of the constructed hash function. In fact, simple attacks can be possible when the interaction between secure components leaves some additional "freedom" to an adversary. Our techniques are derived from the principle of slide attacks, which were introduced for attacking block ciphers.
- Mechanical, Electrical and Manufacturing Engineering
CitationPHAN, R.C.-W. and AUMASSON, J.-P., 2009. On hashing with tweakable ciphers. IN: IEEE International Conference on Communications, (ICC '09), Dresden, 14-18 June, pp. 1 - 5.
- VoR (Version of Record)
NotesThis is a conference paper [© IEEE]. It is also available at: http://ieeexplore.ieee.org/ Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.