Breaking and Fixing Cryptophia’s Short Combiner


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2014

AUTHORS

Bart Mennink , Bart Preneel

ABSTRACT

A combiner is a construction formed out of two hash functions that is secure if one of the underlying functions is. Conventional combiners are known not to support short outputs: if the hash functions have n-bit outputs the combiner should have at least almost 2n bits of output in order to be robust for collision resistance (Pietrzak, CRYPTO 2008). Mittelbach (ACNS 2013) introduced a relaxed security model for combiners and presented “Cryptophia’s short combiner,” a rather delicate construction of an n-bit combiner that achieves optimal collision, preimage, and second preimage security. We re-analyze Cryptophia’s combiner and show that a collision can be found in two queries and a second preimage in one query, invalidating the claimed results. We additionally propose a way to fix the design in order to re-establish the original security results.

PAGES

50-63

Book

TITLE

Cryptology and Network Security

ISBN

978-3-319-12279-3
978-3-319-12280-9

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-12280-9_4

DOI

http://dx.doi.org/10.1007/978-3-319-12280-9_4

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1048077518



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mennink", 
        "givenName": "Bart", 
        "id": "sg:person.012130641461.76", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012130641461.76"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Preneel", 
        "givenName": "Bart", 
        "id": "sg:person.011115044357.39", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2014", 
    "datePublishedReg": "2014-01-01", 
    "description": "A combiner is a construction formed out of two hash functions that is secure if one of the underlying functions is. Conventional combiners are known not to support short outputs: if the hash functions have n-bit outputs the combiner should have at least almost 2n bits of output in order to be robust for collision resistance (Pietrzak, CRYPTO 2008). Mittelbach (ACNS 2013) introduced a relaxed security model for combiners and presented \u201cCryptophia\u2019s short combiner,\u201d a rather delicate construction of an n-bit combiner that achieves optimal collision, preimage, and second preimage security. We re-analyze Cryptophia\u2019s combiner and show that a collision can be found in two queries and a second preimage in one query, invalidating the claimed results. We additionally propose a way to fix the design in order to re-establish the original security results.", 
    "editor": [
      {
        "familyName": "Gritzalis", 
        "givenName": "Dimitris", 
        "type": "Person"
      }, 
      {
        "familyName": "Kiayias", 
        "givenName": "Aggelos", 
        "type": "Person"
      }, 
      {
        "familyName": "Askoxylakis", 
        "givenName": "Ioannis", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-12280-9_4", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-319-12279-3", 
        "978-3-319-12280-9"
      ], 
      "name": "Cryptology and Network Security", 
      "type": "Book"
    }, 
    "keywords": [
      "hash function", 
      "security model", 
      "security results", 
      "n-bit output", 
      "preimage security", 
      "collision resistance", 
      "queries", 
      "short output", 
      "bit of output", 
      "second preimage", 
      "optimal collision", 
      "security", 
      "Mittelbach", 
      "bits", 
      "output", 
      "preimage", 
      "combiner", 
      "order", 
      "construction", 
      "design", 
      "way", 
      "collisions", 
      "model", 
      "results", 
      "function", 
      "delicate construction", 
      "resistance", 
      "conventional combiner"
    ], 
    "name": "Breaking and Fixing Cryptophia\u2019s Short Combiner", 
    "pagination": "50-63", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1048077518"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-12280-9_4"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-12280-9_4", 
      "https://app.dimensions.ai/details/publication/pub.1048077518"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-12-01T06:49", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221201/entities/gbq_results/chapter/chapter_240.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-12280-9_4"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-12280-9_4'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-12280-9_4'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-12280-9_4'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-12280-9_4'


 

This table displays all metadata directly associated to this object as RDF triples.

104 TRIPLES      22 PREDICATES      53 URIs      46 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-319-12280-9_4 schema:about anzsrc-for:08
2 sg:pub.10.1007/978-3-319-12280-9_4 schema:about anzsrc-for:0804
3 sg:pub.10.1007/978-3-319-12280-9_4 schema:author N58ba593b90ef497d8be0507b395d8dad
4 sg:pub.10.1007/978-3-319-12280-9_4 schema:datePublished 2014
5 sg:pub.10.1007/978-3-319-12280-9_4 schema:datePublishedReg 2014-01-01
6 sg:pub.10.1007/978-3-319-12280-9_4 schema:description A combiner is a construction formed out of two hash functions that is secure if one of the underlying functions is. Conventional combiners are known not to support short outputs: if the hash functions have n-bit outputs the combiner should have at least almost 2n bits of output in order to be robust for collision resistance (Pietrzak, CRYPTO 2008). Mittelbach (ACNS 2013) introduced a relaxed security model for combiners and presented “Cryptophia’s short combiner,” a rather delicate construction of an n-bit combiner that achieves optimal collision, preimage, and second preimage security. We re-analyze Cryptophia’s combiner and show that a collision can be found in two queries and a second preimage in one query, invalidating the claimed results. We additionally propose a way to fix the design in order to re-establish the original security results.
7 sg:pub.10.1007/978-3-319-12280-9_4 schema:editor N71ce852f3f2f469aa946b9e2df661d3a
8 sg:pub.10.1007/978-3-319-12280-9_4 schema:genre chapter
9 sg:pub.10.1007/978-3-319-12280-9_4 schema:isAccessibleForFree true
10 sg:pub.10.1007/978-3-319-12280-9_4 schema:isPartOf N3947c71a10104b6d81654dcf3e52bb3d
11 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords Mittelbach
12 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords bit of output
13 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords bits
14 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords collision resistance
15 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords collisions
16 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords combiner
17 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords construction
18 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords conventional combiner
19 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords delicate construction
20 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords design
21 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords function
22 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords hash function
23 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords model
24 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords n-bit output
25 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords optimal collision
26 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords order
27 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords output
28 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords preimage
29 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords preimage security
30 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords queries
31 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords resistance
32 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords results
33 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords second preimage
34 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords security
35 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords security model
36 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords security results
37 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords short output
38 sg:pub.10.1007/978-3-319-12280-9_4 schema:keywords way
39 sg:pub.10.1007/978-3-319-12280-9_4 schema:name Breaking and Fixing Cryptophia’s Short Combiner
40 sg:pub.10.1007/978-3-319-12280-9_4 schema:pagination 50-63
41 sg:pub.10.1007/978-3-319-12280-9_4 schema:productId Nb77bba302da048929032ef839ab225e6
42 sg:pub.10.1007/978-3-319-12280-9_4 schema:productId Nd11633f99959447a986e84f81b0e9e3e
43 sg:pub.10.1007/978-3-319-12280-9_4 schema:publisher Nae6522628e0f40e8a9a6a84b640fc88c
44 sg:pub.10.1007/978-3-319-12280-9_4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1048077518
45 sg:pub.10.1007/978-3-319-12280-9_4 schema:sameAs https://doi.org/10.1007/978-3-319-12280-9_4
46 sg:pub.10.1007/978-3-319-12280-9_4 schema:sdDatePublished 2022-12-01T06:49
47 sg:pub.10.1007/978-3-319-12280-9_4 schema:sdLicense https://scigraph.springernature.com/explorer/license/
48 sg:pub.10.1007/978-3-319-12280-9_4 schema:sdPublisher N73f0f8d39b684b128b9557df16914a1f
49 sg:pub.10.1007/978-3-319-12280-9_4 schema:url https://doi.org/10.1007/978-3-319-12280-9_4
50 sg:pub.10.1007/978-3-319-12280-9_4 sgo:license sg:explorer/license/
51 sg:pub.10.1007/978-3-319-12280-9_4 sgo:sdDataset chapters
52 sg:pub.10.1007/978-3-319-12280-9_4 rdf:type schema:Chapter
53 N0244dbf770a94204aead97ef5005286e schema:familyName Gritzalis
54 N0244dbf770a94204aead97ef5005286e schema:givenName Dimitris
55 N0244dbf770a94204aead97ef5005286e rdf:type schema:Person
56 N3947c71a10104b6d81654dcf3e52bb3d schema:isbn 978-3-319-12279-3
57 N3947c71a10104b6d81654dcf3e52bb3d schema:isbn 978-3-319-12280-9
58 N3947c71a10104b6d81654dcf3e52bb3d schema:name Cryptology and Network Security
59 N3947c71a10104b6d81654dcf3e52bb3d rdf:type schema:Book
60 N58ba593b90ef497d8be0507b395d8dad rdf:first sg:person.012130641461.76
61 N58ba593b90ef497d8be0507b395d8dad rdf:rest Nf42f2da9bd0d4dcfb63b0e338744e2eb
62 N69a6eadc05a54c3e82a6f02ebb7c9f3f schema:familyName Askoxylakis
63 N69a6eadc05a54c3e82a6f02ebb7c9f3f schema:givenName Ioannis
64 N69a6eadc05a54c3e82a6f02ebb7c9f3f rdf:type schema:Person
65 N71ce852f3f2f469aa946b9e2df661d3a rdf:first N0244dbf770a94204aead97ef5005286e
66 N71ce852f3f2f469aa946b9e2df661d3a rdf:rest Nc191da1981c54697a2a7d96e8dfd40f8
67 N73f0f8d39b684b128b9557df16914a1f schema:name Springer Nature - SN SciGraph project
68 N73f0f8d39b684b128b9557df16914a1f rdf:type schema:Organization
69 N8181ae9f5ad1419a982e1f4f133b58b2 rdf:first N69a6eadc05a54c3e82a6f02ebb7c9f3f
70 N8181ae9f5ad1419a982e1f4f133b58b2 rdf:rest rdf:nil
71 N97d933b64a744c4b8cdf620bbc33e73d schema:familyName Kiayias
72 N97d933b64a744c4b8cdf620bbc33e73d schema:givenName Aggelos
73 N97d933b64a744c4b8cdf620bbc33e73d rdf:type schema:Person
74 Nae6522628e0f40e8a9a6a84b640fc88c schema:name Springer Nature
75 Nae6522628e0f40e8a9a6a84b640fc88c rdf:type schema:Organisation
76 Nb77bba302da048929032ef839ab225e6 schema:name doi
77 Nb77bba302da048929032ef839ab225e6 schema:value 10.1007/978-3-319-12280-9_4
78 Nb77bba302da048929032ef839ab225e6 rdf:type schema:PropertyValue
79 Nc191da1981c54697a2a7d96e8dfd40f8 rdf:first N97d933b64a744c4b8cdf620bbc33e73d
80 Nc191da1981c54697a2a7d96e8dfd40f8 rdf:rest N8181ae9f5ad1419a982e1f4f133b58b2
81 Nd11633f99959447a986e84f81b0e9e3e schema:name dimensions_id
82 Nd11633f99959447a986e84f81b0e9e3e schema:value pub.1048077518
83 Nd11633f99959447a986e84f81b0e9e3e rdf:type schema:PropertyValue
84 Nf42f2da9bd0d4dcfb63b0e338744e2eb rdf:first sg:person.011115044357.39
85 Nf42f2da9bd0d4dcfb63b0e338744e2eb rdf:rest rdf:nil
86 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
87 anzsrc-for:08 schema:name Information and Computing Sciences
88 anzsrc-for:08 rdf:type schema:DefinedTerm
89 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
90 anzsrc-for:0804 schema:name Data Format
91 anzsrc-for:0804 rdf:type schema:DefinedTerm
92 sg:person.011115044357.39 schema:affiliation grid-institutes:grid.5596.f
93 sg:person.011115044357.39 schema:familyName Preneel
94 sg:person.011115044357.39 schema:givenName Bart
95 sg:person.011115044357.39 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39
96 sg:person.011115044357.39 rdf:type schema:Person
97 sg:person.012130641461.76 schema:affiliation grid-institutes:grid.5596.f
98 sg:person.012130641461.76 schema:familyName Mennink
99 sg:person.012130641461.76 schema:givenName Bart
100 sg:person.012130641461.76 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012130641461.76
101 sg:person.012130641461.76 rdf:type schema:Person
102 grid-institutes:grid.5596.f schema:alternateName Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium
103 grid-institutes:grid.5596.f schema:name Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium
104 grid-institutes:grid.5596.f rdf:type schema:Organization
 



