
Mridul
Nandi
Applied Staistics Unit,
Indian Statistical Institute
203 B. T. Road
Kolkata 700124
Phone: +91 33 25752815 (office)
email: mridul at isical dot ac dot in
Find me at Google
DBLP
Homepage
www.isical.ac.in/~mridul
publication
CV
briefBio


Indifferentiability
What is Indifferentiability?
It is pseudorandom oracle like pseudorandom function or pseudorandom
permutation. In case of pseudorandom function adversary has no access
of internal building blocks (such as a blockcipher or keyed compression
function). In case of pseucorandom oracle attacker can have access of
all internal building blocks. It is an approprate notion for hash
function as the iterative compression function is public. Here is a
standard picture for an indifferentaible distinguisher of a hash
function.

A hash function C is based on a
primitive G. We say that it is indifferentiable from a primitive R if
there is a simulator S such that no reasonable distinguisher can not
distinguish (C,G) and (R,S). In other words, (1) R is indistinguishable
from C(G) and (2) S can alomost simulate the primitive G in a manner
such that R behaves like C(S).
The popular MD hash function is NOT indifferentiable.
However, there are many known efficient designs of hash functions which are indifferentiable.

Pseudorandom property of hash function gurantees randomness of the hash
function given that the underlying iterative function is sufficient
random. So it also implies the collision, preimage, second preimage security of the hash function.
<<
back to home page
