Collision-Resistant Hashing: Towards Making UOWHFs Practical


Authors: Mihir Bellare and Phillip Rogaway

Reference: Advances in Cryptology - CRYPTO '97, Lecture Notes in Computer Science, Vol. 1294, B. Kaliski. ed., Springer-Verlag, 1997.

Abstract: Recent attacks on the cryptographic hash functions MD4 and MD5 make it clear that (strong) collision-resistance is a hard-to-achieve goal. We look towards a weaker notion, the universal one-way hash functions (UOWHFs) of Naor and Yung, and investigate their practical potential. The goal is to build UOWHFs not based on number theoretic assumptions, but from the primitives underlying current cryptographic hash functions like MD5 and SHA. Pursuing this goal leads us to new questions. The main one is how to extend a compression function to a full-fledged hash function in this new setting. We show that the classic Merkle-Damgard method used in the standard setting fails for these weaker kinds of hash functions, and we present some new methods that work. Our main construction is the "XOR tree." We also consider the problem of input length-variability and present a general solution.


Full version available in PDF or PostScript


Rogaway's home page.