Security proofs for the MD6 hash function mode of operation

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008. === Includes bibliographical references (p. 79-82). === In recent years there have been a series of serious and alarming cryptanalytic attacks on several commonly-used hash functions, su...

Full description

Bibliographic Details
Main Author: Crutchfield, Christopher Yale
Other Authors: Ronald L. Rivest.
Format: Others
Language:English
Published: Massachusetts Institute of Technology 2009
Subjects:
Online Access:http://hdl.handle.net/1721.1/44425
id ndltd-MIT-oai-dspace.mit.edu-1721.1-44425
record_format oai_dc
spelling ndltd-MIT-oai-dspace.mit.edu-1721.1-444252019-05-02T15:48:20Z Security proofs for the MD6 hash function mode of operation Crutchfield, Christopher Yale Ronald L. Rivest. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008. Includes bibliographical references (p. 79-82). In recent years there have been a series of serious and alarming cryptanalytic attacks on several commonly-used hash functions, such as MD4, MD5, SHA-0, and SHA1 [13, 38]. These culminated with the celebrated work of Wang, Yin, and Yu from 2005, which demonstrated relatively efficient methods for finding collisions in the SHA-1 hash function [37]. Although there are several cryptographic hash functions - such as the SHA-2 family [28] - that have not yet succumbed to such attacks, the U.S. National Institute of Standards and Technology (NIST) put out a call in 2007 for candidate proposals for a new cryptographic hash function family, to be dubbed SHA-3 [29]. Hash functions are algorithms for converting an arbitrarily large input into a fixed-length message digest. They are typically composed of a compression function or block cipher that operate on fixed-length pieces of the input and a mode of operation that governs how apply the compression function or block cipher repeatedly on these pieces in order to allow for arbitrary-length inputs. Cryptographic hash functions are furthermore required to have several important and stringent security properties including (but not limited to) first-preimage resistance, second-preimage resistance, collision resistance, and for keyed hash functions, pseudorandomness. This work presents proofs of security for the mode of operation of the MD6 cryptographic hash function [32] - a candidate for the SHA-3 competition - which differs greatly from the modes of operation of many commonly-used hash functions today (MD4, MD5, as well as the SHA family of hash functions.) In particular, we demonstrate provably that the mode of operation used in MD6 preserves some cryptographic properties of the compression function - that is, assuming some ideal conditions about the compression function used, the overall MD6 hash function is secure as well. by Christopher Yale Crutchfield. S.M. 2009-01-30T16:45:19Z 2009-01-30T16:45:19Z 2008 2008 Thesis http://hdl.handle.net/1721.1/44425 289535139 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 84 p. application/pdf Massachusetts Institute of Technology
collection NDLTD
language English
format Others
sources NDLTD
topic Electrical Engineering and Computer Science.
spellingShingle Electrical Engineering and Computer Science.
Crutchfield, Christopher Yale
Security proofs for the MD6 hash function mode of operation
description Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008. === Includes bibliographical references (p. 79-82). === In recent years there have been a series of serious and alarming cryptanalytic attacks on several commonly-used hash functions, such as MD4, MD5, SHA-0, and SHA1 [13, 38]. These culminated with the celebrated work of Wang, Yin, and Yu from 2005, which demonstrated relatively efficient methods for finding collisions in the SHA-1 hash function [37]. Although there are several cryptographic hash functions - such as the SHA-2 family [28] - that have not yet succumbed to such attacks, the U.S. National Institute of Standards and Technology (NIST) put out a call in 2007 for candidate proposals for a new cryptographic hash function family, to be dubbed SHA-3 [29]. Hash functions are algorithms for converting an arbitrarily large input into a fixed-length message digest. They are typically composed of a compression function or block cipher that operate on fixed-length pieces of the input and a mode of operation that governs how apply the compression function or block cipher repeatedly on these pieces in order to allow for arbitrary-length inputs. Cryptographic hash functions are furthermore required to have several important and stringent security properties including (but not limited to) first-preimage resistance, second-preimage resistance, collision resistance, and for keyed hash functions, pseudorandomness. This work presents proofs of security for the mode of operation of the MD6 cryptographic hash function [32] - a candidate for the SHA-3 competition - which differs greatly from the modes of operation of many commonly-used hash functions today (MD4, MD5, as well as the SHA family of hash functions.) In particular, we demonstrate provably that the mode of operation used in MD6 preserves some cryptographic properties of the compression function - that is, assuming some ideal conditions about the compression function used, the overall MD6 hash function is secure as well. === by Christopher Yale Crutchfield. === S.M.
author2 Ronald L. Rivest.
author_facet Ronald L. Rivest.
Crutchfield, Christopher Yale
author Crutchfield, Christopher Yale
author_sort Crutchfield, Christopher Yale
title Security proofs for the MD6 hash function mode of operation
title_short Security proofs for the MD6 hash function mode of operation
title_full Security proofs for the MD6 hash function mode of operation
title_fullStr Security proofs for the MD6 hash function mode of operation
title_full_unstemmed Security proofs for the MD6 hash function mode of operation
title_sort security proofs for the md6 hash function mode of operation
publisher Massachusetts Institute of Technology
publishDate 2009
url http://hdl.handle.net/1721.1/44425
work_keys_str_mv AT crutchfieldchristopheryale securityproofsforthemd6hashfunctionmodeofoperation
_version_ 1719028933188386816