Reading the Crypto Classics: Coron, Dodis, Malinaud, Puniya: „Merkle-Damgård Revisited: How to Construct a Hash Function“

02.09.2020 10:00-11:00

Moderator: Aishwarya Thiruvengadam, TU Darmstadt, Cryptoplexity Group | Location: Online

Organizer: Christian Janson


This talk is the last one in the seminar series „Reading the Crypto Classics“ for the very special summer term 2020. The idea of this seminar is to jointly read classical milestone papers in the area of cryptography, to discuss their impact and understand their relevance for current research areas. The seminar is running as an Oberseminar, but at the same time meant to be a joint reading group seminar of the CROSSING Special Interest Group on Advanced Cryptography with all interested CROSSING members being invited to participate.

This issue will cover the paper/talk

Coron, Dodis, Malinaud, Puniya: „Merkle-Damgård Revisited: How to Construct a Hash Function“ (Crypto 2005); DOI: 10.1007/11535218_26

with the following abstract:

„The most common way of constructing a hash function (e.g., SHA-1) is to iterate a compression function on the input message. The compression function is usually designed from scratch or made out of a block-cipher. In this paper, we introduce a new security notion for hash-functions, stronger than collision-resistance. Under this notion, the arbitrary length hash function H must behave as a random oracle when the fixed-length building block is viewed as a random oracle or an ideal block-cipher. The key property is that if a particular construction meets this definition, then any cryptosystem proven secure assuming H is a random oracle remains secure if one plugs in this construction (still assuming that the underlying fixed-length primitive is ideal). In this paper, we show that the current design principle behind hash functions such as SHA-1 and MD5 — the (strengthened) Merkle-Damgård transformation — does not satisfy this security notion. We provide several constructions that provably satisfy this notion; those new constructions introduce minimal changes to the plain Merkle-Damgård construction and are easily implementable in practice.“

Further information about the virtual format

The seminar takes place in a virtual format using BigBlueButton. Please join us using the provided link in your favorite browser. When joining, please select that you want to participate with „microphone“. Then you connect to the server performing an echo-test. If you hear yourself correctly then please choose the option „thumbs-up“. Then you have successfully joined the seminar and you are automatically muted. Please keep this setting to provide everyone a good sound quality unless you have a question. Then you can please unmute yourself and ask a question. This seminar is still meant to be interactive.