On capabilities of hash domain extenders to preserve enhanced security properties
In this paper, we study property preservation capabilities of several domain extension transforms for hash functions with respect to multiple enhanced security notions. The transforms investigated include MD with strengthening padding (sMD), HAIFA, Enveloped Shoup (ESh) and Nested Linear Hash (nLH). While the first two transforms and their straightforward variants are among the most popular ones in practical hash designs including several SHA-3 candidates, the last two transforms (i.e. ESh and nLH) are mainly of a theoretical interest in the analysis of multi-property-preservation (MPP) capabilities of hash domain extenders. The security notions considered are the enhanced (or strengthened) variants of the traditional properties (collision resistance, second-preimage resistance, and preimage resistance) for the setting of dedicated-key hash functions. The results show that most of these enhanced security notions are not preserved by the investigated domain extenders. This might seem a bit disappointing from a provable security viewpoint, that advocates MPP paradigm (i.e. the more properties preserved simultaneously by a transform the more popular is the transform from a theoretical viewpoint); however, it is worth stressing that the mere fact that a domain extender fails to preserve a property P does not imply that a hash function built upon it is insecure. Rather, it just implies that security of the hash function in the sense of the property P cannot be deduced based on the assumption that the underlying compression function possesses P. 2012 Springer-Verlag.