Duplexing the sponge: single-pass authenticated encryption and other applications
This paper proposes a novel construction, called duplex, closely related to the sponge
construction, that accepts message blocks to be hashed and–at no extra cost–provides …
construction, that accepts message blocks to be hashed and–at no extra cost–provides …
Careful with composition: Limitations of the indifferentiability framework
We exhibit a hash-based storage auditing scheme which is provably secure in the random-
oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash …
oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash …
On finding quantum multi-collisions
A k-collision for a compressing hash function H is a set of k distinct inputs that all map to the
same output. In this work, we show that for any constant k,\varTheta\left (N^ 1 2 (1-1 2^ k …
same output. In this work, we show that for any constant k,\varTheta\left (N^ 1 2 (1-1 2^ k …
To Hash or Not to Hash Again?(In) Differentiability Results for and HMAC
We show that the second iterate H^ 2 (M)= H (H (M)) of a random oracle H cannot achieve
strong security in the sense of indifferentiability from a random oracle. We do so by proving …
strong security in the sense of indifferentiability from a random oracle. We do so by proving …
Quantum multicollision-finding algorithm
A Hosoyamada, Y Sasaki, K Xagawa - … on the Theory and Applications of …, 2017 - Springer
The current paper presents a new quantum algorithm for finding multicollisions, often
denoted by l-collisions, where an l-collision for a function is a set of l distinct inputs having …
denoted by l-collisions, where an l-collision for a function is a set of l distinct inputs having …
From indifferentiability to constructive cryptography (and back)
The concept of indifferentiability of systems, a generalized form of indistinguishability, was
proposed in 2004 to provide a simplified and generalized explanation of impossibility results …
proposed in 2004 to provide a simplified and generalized explanation of impossibility results …
LSH: A new fast secure hash function family
DC Kim, D Hong, JK Lee, WH Kim, D Kwon - Information Security and …, 2015 - Springer
Since Wang's attacks on the standard hash functions MD5 and SHA-1, design and analysis
of hash functions have been studied a lot. NIST selected Keccak as a new hash function …
of hash functions have been studied a lot. NIST selected Keccak as a new hash function …
Resource-restricted indifferentiability
A major general paradigm in cryptography is the following argument: Whatever an adversary
could do in the real world, it could just as well do in the ideal world. The standard …
could do in the real world, it could just as well do in the ideal world. The standard …
Security analysis of the mode of JH hash function
Recently, NIST has selected 14 second round candidates of SHA3 competition. One of these
candidates will win the competition and eventually become the new hash function standard …
candidates will win the competition and eventually become the new hash function standard …
Beyond conventional security in sponge-based authenticated encryption modes
The Sponge function is known to achieve 2^ c/2 2 c/2 security, where c is its capacity. This
bound was carried over to its keyed variants, such as SpongeWrap, to achieve a\min {2^ c/2 …
bound was carried over to its keyed variants, such as SpongeWrap, to achieve a\min {2^ c/2 …