International Association for Cryptologic Research

CryptoDB

Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks

Authors:
Charlotte Lefevre, Digital Security Group, Radboud University, Nijmegen, The Netherlands
Download:
DOI: 10.46586/tosc.v2023.i1.224-243
URL: https://tosc.iacr.org/index.php/ToSC/article/view/10313
Abstract: The sponge construction is a popular method for hashing. Quickly after its introduction, the sponge was proven to be tightly indifferentiable from a random oracle up to $\approx 2^{c/2}$ queries, where $c$ is the capacity. However, this bound is not tight when the number of message blocks absorbed is restricted to $\ell < \lceil \frac{c}{2(b-c)} \rceil + 1$ (but still an arbitrary number of blocks can be squeezed). In this work, we show that this restriction leads to indifferentiability from a random oracle up to $\approx \min\{2^{b/2}, \max\{2^{c/2}, 2^{b-\ell\times(b-c)}\}\}$ queries, where $b > c$ is the permutation size. Depending on the parameters chosen, this result allows for enhanced security or for absorbing at a larger rate in applications that require a fixed-length input hash function.
BibTeX
@article{tosc-2023-33059,
  title={Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 1},
  pages={224-243},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/10313},
  doi={10.46586/tosc.v2023.i1.224-243},
  author={Charlotte Lefevre},
  year=2023
}