The Collision Intractability of MDC-2 in the Ideal-Cipher Model

descriptionPublicationkeyboard_double_arrow_right Part of book or chapter of book , Conference object , Article 01 Jan 2007Publisher:Springer Berlin Heidelberg

Authors: John P. Steinberger;

doi: 10.1007/978-3-540-72540-4_3

The Collision Intractability of MDC-2 in the Ideal-Cipher Model

- Summary
- Metrics

Abstract

We provide the first proof of security for MDC-2, the most well-known construction for turning an n-bit blockcipher into a 2n-bit cryptographic hash function. Our result, which is in the ideal-cipher model, shows that MDC-2, when built from a blockcipher having blocklength and keylength n, has security much better than that delivered by any hash function that has an n-bit output. When the blocklength and keylength are n= 128 bits, as with MDC-2 based on AES-128, an adversary that asks fewer than 274.9queries usually cannot find a collision.

Related Organizations

University of California, Davis
United States

Impact byBIP!

	selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	45
	popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.	Average
	influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	Top 10%
	impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.	Top 10%

Found an issue? Give us feedback

45

Average

Top 10%

bronze