Applied Staistics Unit,
Indian Statistical Institute
203 B. T. Road
Phone: +91 33 2575-2815 (office)
email: mridul at isical dot ac dot in
Find me at Google
What is Indifferentiability?
It is pseudorandom oracle like pseudorandom function or pseudorandom
permutation. In case of pseudorandom function adversary has no access
of internal building blocks (such as a blockcipher or keyed compression
function). In case of pseucorandom oracle attacker can have access of
all internal building blocks. It is an approprate notion for hash
function as the iterative compression function is public. Here is a
standard picture for an indifferentaible distinguisher of a hash
Pseudorandom property of hash function gurantees randomness of the hash
function given that the underlying iterative function is sufficient
random. So it also implies the collision, preimage, second preimage security of the hash function.
||A hash function C is based on a
primitive G. We say that it is indifferentiable from a primitive R if
there is a simulator S such that no reasonable distinguisher can not
distinguish (C,G) and (R,S). In other words, (1) R is indistinguishable
from C(G) and (2) S can alomost simulate the primitive G in a manner
such that R behaves like C(S). |
The popular MD hash function is NOT indifferentiable.
However, there are many known efficient designs of hash functions which are indifferentiable.
back to home page