Crooked Indifferentiability Revisited

by   Rishiraj Bhattacharyya, et al.

In CRYPTO 2018, Russell et al introduced the notion of crooked indifferentiability to analyze the security of a hash function when the underlying primitive is subverted. They showed that the n-bit to n-bit function implemented using enveloped XOR construction (EXor) with 3n+1 many n-bit functions and 3n^2-bit random initial vectors (iv) can be proven secure asymptotically in the crooked indifferentiability setting. -We identify several major issues and gaps in the proof by Russel et al, We show that their proof can achieve security only when the adversary is restricted to make queries related to a single message. - We formalize new technique to prove crooked indifferentiability without such restrictions. Our technique can handle function dependent subversion. We apply our technique to provide a revised proof for the EXor construction. - We analyze crooked indifferentiability of the classical sponge construction. We show, using a simple proof idea, the sponge construction is a crooked-indifferentiable hash function using only n-bit random iv. This is a quadratic improvement over the EXor construction and solves the main open problem of Russel et al.



There are no comments yet.


page 1

page 2

page 3

page 4


Quantum security of hash functions and property-preservation of iterated hashing

This work contains two major parts: comprehensively studying the securit...

Compactness of Hashing Modes and Efficiency beyond Merkle Tree

We revisit the classical problem of designing optimally efficient crypto...

A Description and Proof of a Generalised and Optimised Variant of Wikström's Mixnet

In this paper, we describe an optimised variant of Wikström's mixnet whi...

Power of d Choices with Simple Tabulation

Suppose that we are to place m balls into n bins sequentially using the ...

Hash functions from superspecial genus-2 curves using Richelot isogenies

Last year Takashima proposed a version of Charles, Goren and Lauter's ha...

Efficiency Improvements for Encrypt-to-Self

Recent work by Pijnenburg and Poettering (ESORICS'20) explores the novel...

Implicit Probabilistic Integrators for ODEs

We introduce a family of implicit probabilistic integrators for initial ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.