Degree Name

Doctor of Philosophy


School of Computer Science and Software Engineering - Faculty of Informatics


Cryptographic hash functions have been used to a great extent in many applications; most importantly, as building blocks for digital signature schemes and message authentication codes (MACs), as well as in commitment schemes, password protection, key derivation, and almost every practical cryptographic protocol. Unlike many other cryptographic primitives which are usually intended to fulfill specific security notions, hash functions, as workhorses of cryptography, are often expected to satisfy a wide and application dependent spectrum of security notions, ranging from merely being a one-way function to acting as a truly random function or random oracle (ideal hash).

In this Thesis, we revisit the theory and application of cryptographic hash functions. We provide new contributions to this field, which has been explored for over three decades, yet remains a highly active and interesting area of research. We pursue, in particular, a line of research considering essential theoretical questions in regard to the security features of hash functions, including formal definitions of security notions, the relationships among different security notions, and the possibility of designing property-preserving domain extension transforms for hash functions.

First, we study notions of security for cryptographic hash functions. Our main goal in this part is to consider the two essential theoretical questions in regard to security notions for hash functions; namely, formal definitions of security notions and the relationships among different security notions. Our contribution in this part includes: a clear categorization of security notions, the introduction of a new set of enhanced security notions and, most importantly, a full picture of the relationships among the security notions.

We then investigate the property preservation capabilities of domain extension transforms for hash functions. Almost all cryptographic hash functions are designed based on the following two-step approach: first, a compression function is designed which is only capable of hashing fixed-length messages, then, a domain extension transform is applied to obtain a full-fledged hash function. The possibility of designing a property-preserving domain extension transform, which is also known as a property-preserving mode of operation, is an important problem to be considered with regard to the construction of secure hash functions. We make the following two contributions. Firstly, we analyse the most powerful multi-property-preserving (MPP) domain extension transforms for hash functions in the literature, and provide a full picture of their MPP capabilities with regard to a large collection of known security notions. Secondly, we investigate the capabilities of several different domain extension transforms in regard to preserving an interesting recently proposed security notion, called enhanced target collision resistance (eTCR).

Finally, as an interesting application of hash functions, we consider manual channel message authentication protocols using hash functions. In the manual channel model for message authentication, also known as the two-channel or SAS-based model, the sender and the receiver are assumed to have access to a low-bandwidth auxiliary channel, ensuring authentication, in addition to a typical insecure channel; however, neither they share any secret information nor there is any trusted public key infrastructure (PKI). We investigate the problem of random oracle instantiation for a three-round interactive message authentication protocol (IMAP). We also provide an efficient non-interactive message authentication protocol (NIMAP) in the manual channel model that is based on an eTCR hash function.

02Whole.pdf (1496 kB)