Provable Second Preimage Resistance Revisited - Université de Versailles Saint-Quentin-en-Yvelines Access content directly
Conference Papers Year : 2014

Provable Second Preimage Resistance Revisited

Charles Bouillaguet
  • Function : Author


Most cryptographic hash functions are iterated constructions, in which a mode of operation specifies how a compression function or a fixed permutation is applied. The Merkle-Damgard mode of operation is the simplest and more widely deployed mode of operation, yet it suffers from generic second preimage attacks, even when the compression function is ideal. In this paper we focus on provable security against second preimage attacks. Based on the study of several existing constructions, we describe simple properties of modes of operation and show that they are sufficient to allow some form of provable security, first in the random oracle model and then in the standard model. Our security proofs are extremely simple. We show for instance that the claims of the designers of Haifa regarding second preimage resistance are valid. Lastly, we give arguments that proofs of second preimage resistance by a black-box reduction incur an unavoidable security loss.

Dates and versions

hal-02176876 , version 1 (08-07-2019)



Charles Bouillaguet, Bastien Vayssière. Provable Second Preimage Resistance Revisited. 20th International Conference on Selected Areas in Cryptography, Aug 2013, Simon Fraser Univ, Burnaby, CANADA, Canada. ⟨10.1007/978-3-662-43414-7_26⟩. ⟨hal-02176876⟩
86 View
0 Download



Gmail Facebook X LinkedIn More