my-photo
Mridul Nandi
Applied Staistics Unit,
Indian Statistical Institute
203 B. T. Road
Kolkata 700124
Phone: +91 33 2575-2815 (office)
email: mridul at isical dot ac dot in

Find me at  Google  DBLP

Homepage www.isical.ac.in/~mridul

publication    CV    brief-Bio

Indifferentiability

What is Indifferentiability?
It is pseudorandom oracle like pseudorandom function or pseudorandom permutation. In case of pseudorandom function adversary has no access of internal building blocks (such as a blockcipher or keyed compression function). In case of pseucorandom oracle attacker can have access of all internal building blocks. It is an approprate notion for hash function as the iterative compression function is public. Here is a standard picture for an indifferentaible distinguisher of a hash function.
PRO A hash function C is  based on a primitive G. We say that it is indifferentiable from a primitive R if there is a simulator S such that no reasonable distinguisher can not distinguish (C,G) and (R,S). In other words, (1) R is indistinguishable from C(G) and (2) S can alomost simulate the primitive G in a manner such that R behaves like C(S).

The popular MD hash function is NOT indifferentiable.

However, there are many known efficient designs of hash functions which are indifferentiable.
Pseudorandom property of hash function gurantees randomness of the hash function given that the underlying iterative function is sufficient random. So it also implies the collision, preimage, second preimage security of the hash function.

<< back to home page