TY - JOUR
T1 - MJH: a faster alternative to MDC-2
AU - Lee, Jooyoung
AU - Stam, Martijn
PY - 2015/8
Y1 - 2015/8
N2 - In this paper, we introduce a new class of double-block-length hash
functions. Using the ideal cipher model, we prove that these hash
functions, dubbed MJH, are asymptotically collision resistant up to O(2^{n(1−ϵ)}) query complexity for any ϵ>0 in the iteration, where n is the block size of the underlying blockcipher. When based on n-bit
key blockciphers, our construction, being of rate 1/2, provides better
provable security than MDC-2, the only known construction of a rate-1/2
double-length hash function based on an n-bit
key blockcipher with non-trivial provable security. Moreover, since key
scheduling is performed only once per message block for MJH, our
proposal significantly outperforms MDC-2 in efficiency. When based on a 2n-bit key blockcipher, we can use the extra n
bits of key to increase the amount of payload accordingly. Thus we get a
rate-1 hash function that is much faster than existing proposals, such
as Tandem-DM with comparable provable security. This is the full version
of Lee and Stam (A faster alternative to MDC-2, 2011).
AB - In this paper, we introduce a new class of double-block-length hash
functions. Using the ideal cipher model, we prove that these hash
functions, dubbed MJH, are asymptotically collision resistant up to O(2^{n(1−ϵ)}) query complexity for any ϵ>0 in the iteration, where n is the block size of the underlying blockcipher. When based on n-bit
key blockciphers, our construction, being of rate 1/2, provides better
provable security than MDC-2, the only known construction of a rate-1/2
double-length hash function based on an n-bit
key blockcipher with non-trivial provable security. Moreover, since key
scheduling is performed only once per message block for MJH, our
proposal significantly outperforms MDC-2 in efficiency. When based on a 2n-bit key blockcipher, we can use the extra n
bits of key to increase the amount of payload accordingly. Thus we get a
rate-1 hash function that is much faster than existing proposals, such
as Tandem-DM with comparable provable security. This is the full version
of Lee and Stam (A faster alternative to MDC-2, 2011).
U2 - 10.1007/s10623-014-9936-6
DO - 10.1007/s10623-014-9936-6
M3 - Article (Academic Journal)
SN - 0925-1022
VL - 76
SP - 179
EP - 205
JO - Designs, Codes and Cryptography
JF - Designs, Codes and Cryptography
IS - 2
ER -