U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)
Presentation

Tight Preimage Resistance of the Sponge Construction

May 11, 2022

Presenters

Charlotte Lefevre - Radboud University

Description

The cryptographic sponge is a popular method for hash function design. The construction is in the ideal permutation model proven to be indiifferentiable from a random oracle up to the birthday bound in the capacity of the sponge. This result in particular implies that, as long as the attack complexity does not exceed this bound, the sponge construction achieves a comparable level of collision, preimage, and second preimage resistance as a random oracle. We investigate these state-of-the-art bounds in detail, and observe that while the collision and second preimage security bounds are tight, the preimage bound is not tight. We derive an improved and tight preimage security bound for the cryptographic sponge construction. The result has direct implications for various lightweight cryptographic hash functions. For example, the NIST Lightweight Cryptography finalist Ascon-Hash does not generically achieve 2128 preimage security as claimed, but even 2192 preimage security. Comparable improvements are obtained for the modes of Spongent, PHOTON, ACE, and Subterranean 2.0, among others.

Presented at

LWC Workshop 2022

Event Details

Location

    
                            

Related Topics

Security and Privacy: cryptography

Created May 05, 2022, Updated May 12, 2022