【 摘 要 】

Abstract MDPH is a double‐block‐length hash function proposed by Naito at Latincrypt 2019. This is a combination of Hirose's compression function and the domain extender called Merkle–Damgård with permutation. When instantiated with an n‐bit block cipher, Naito proved that this achieves the (nearly) optimal indifferentiable security bound of O (n − log n)‐bit security. In this paper, the authors first point out that the proof of the claim contains a gap, which is related to the definition of the simulator in simulating the decryption of the block cipher. The authors then show that the proof can be fixed. The authors introduce a new simulator that addresses the issue, showing that MDPH retains its (nearly) optimal indifferentiable security bound of O (n − log n)‐bit security.

【 授权许可】

Unknown