We propose a novel framework for blockcipher-based double-length hash functions by extending the recent generalization presented by Stam at FSE '09 for single-call hash functions. We focus on compression functions compressing 3n bits to 2n bits that use one or two calls to a 2n-bit key, n-bit block block-cipher. In case of a single call, we concentrate on security in the iteration. In case of two calls, we restrict ourselves to two parallel calls (initially to distinct and independent blockciphers). We analyse the kind of pre- and postprocessing functions that are sufficient to obtain close to optimal collision resistance, either in the compression function or in the iteration. Our framework can be used to get a clearer understanding of a large class of double-length hash functions of this type.
展开▼
