On chosen target forced prefix preimage resistance
Abstract
In this paper we analyze the chosen target forced prefix
(CTFP) preimage resistance security notion for hash functions rstly introduced by Kelsey and Kohno with the Nostradamus attack [4]. We give a formal denition of this property in hash function family settings and work out all the implications and separations between CTFP preimage resistance and other standard notions of hash function security (preimage resistance, collision resistance, etc.). This paper follows the work of Rogaway and Shrimpton [6], where they dened seven basic notions of hash function security and examined all the relationships among these notions. We also dene a new property for security of hash function families { always CTFP preimage resistance, which guarantees CTFP security for all the hash functions in the family
(CTFP) preimage resistance security notion for hash functions rstly introduced by Kelsey and Kohno with the Nostradamus attack [4]. We give a formal denition of this property in hash function family settings and work out all the implications and separations between CTFP preimage resistance and other standard notions of hash function security (preimage resistance, collision resistance, etc.). This paper follows the work of Rogaway and Shrimpton [6], where they dened seven basic notions of hash function security and examined all the relationships among these notions. We also dene a new property for security of hash function families { always CTFP preimage resistance, which guarantees CTFP security for all the hash functions in the family
Full Text:
PDFDOI: https://doi.org/10.2478/tatra.v47i0.55