A Second Preimage Attack on the XOR Hash Combiner
The exclusive-or (XOR) hash combiner is a classical hash function combiner, which is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In this work, we analyze the second preimage resistance of the XOR combiner underlying two different narrow-pipe hash f...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2024-01-01
|
| Series: | IET Information Security |
| Online Access: | http://dx.doi.org/10.1049/2024/1230891 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832559631584460800 |
|---|---|
| author | Shiwei Chen Ting Cui Chenhui Jin Congjun Wang |
| author_facet | Shiwei Chen Ting Cui Chenhui Jin Congjun Wang |
| author_sort | Shiwei Chen |
| collection | DOAJ |
| description | The exclusive-or (XOR) hash combiner is a classical hash function combiner, which is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In this work, we analyze the second preimage resistance of the XOR combiner underlying two different narrow-pipe hash functions with weak ideal compression functions. To control simultaneously the behavior of the two different hash functions, we develop a new structure called multicollision-and-double-diamond. Multicollision-and-double-diamond structure is constructed using the idea of meet-in-the-middle technique, combined with Joux’s multicollision and Chen’s inverse-diamond structure. Then based on the multicollision-and-double-diamond structure, we present a second preimage attack on the XOR hash combiner with the time complexity of about O2n+12n/2+n−l2n−l+n−k2n−k+2l+1+2k+1) (n is the size of the XOR hash combiner and l and k are respectively the depths of the two inverse-diamond structures), less than the ideal time complexity O2n, and memory of about O2k+2l. |
| format | Article |
| id | doaj-art-76ce1389d8214120b5e9a30224deec27 |
| institution | Kabale University |
| issn | 1751-8717 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-76ce1389d8214120b5e9a30224deec272025-02-03T01:29:35ZengWileyIET Information Security1751-87172024-01-01202410.1049/2024/1230891A Second Preimage Attack on the XOR Hash CombinerShiwei Chen0Ting Cui1Chenhui Jin2Congjun Wang3The Department of Applied MathematicsThe Department of Applied MathematicsThe Department of Applied MathematicsThe Department of Applied MathematicsThe exclusive-or (XOR) hash combiner is a classical hash function combiner, which is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In this work, we analyze the second preimage resistance of the XOR combiner underlying two different narrow-pipe hash functions with weak ideal compression functions. To control simultaneously the behavior of the two different hash functions, we develop a new structure called multicollision-and-double-diamond. Multicollision-and-double-diamond structure is constructed using the idea of meet-in-the-middle technique, combined with Joux’s multicollision and Chen’s inverse-diamond structure. Then based on the multicollision-and-double-diamond structure, we present a second preimage attack on the XOR hash combiner with the time complexity of about O2n+12n/2+n−l2n−l+n−k2n−k+2l+1+2k+1) (n is the size of the XOR hash combiner and l and k are respectively the depths of the two inverse-diamond structures), less than the ideal time complexity O2n, and memory of about O2k+2l.http://dx.doi.org/10.1049/2024/1230891 |
| spellingShingle | Shiwei Chen Ting Cui Chenhui Jin Congjun Wang A Second Preimage Attack on the XOR Hash Combiner IET Information Security |
| title | A Second Preimage Attack on the XOR Hash Combiner |
| title_full | A Second Preimage Attack on the XOR Hash Combiner |
| title_fullStr | A Second Preimage Attack on the XOR Hash Combiner |
| title_full_unstemmed | A Second Preimage Attack on the XOR Hash Combiner |
| title_short | A Second Preimage Attack on the XOR Hash Combiner |
| title_sort | second preimage attack on the xor hash combiner |
| url | http://dx.doi.org/10.1049/2024/1230891 |
| work_keys_str_mv | AT shiweichen asecondpreimageattackonthexorhashcombiner AT tingcui asecondpreimageattackonthexorhashcombiner AT chenhuijin asecondpreimageattackonthexorhashcombiner AT congjunwang asecondpreimageattackonthexorhashcombiner AT shiweichen secondpreimageattackonthexorhashcombiner AT tingcui secondpreimageattackonthexorhashcombiner AT chenhuijin secondpreimageattackonthexorhashcombiner AT congjunwang secondpreimageattackonthexorhashcombiner |