{"date_created":"2018-12-11T12:02:08Z","conference":{"name":"CRYPTO: International Cryptology Conference"},"page":"413 - 432","status":"public","doi":"10.1007/978-3-540-85174-5_23","alternative_title":["LNCS"],"publication_status":"published","day":"11","date_updated":"2021-01-12T07:41:57Z","month":"09","title":"Compression from collisions or why CRHF combiners have a long output","publisher":"Springer","extern":1,"intvolume":" 5157","date_published":"2008-09-11T00:00:00Z","year":"2008","quality_controlled":0,"volume":5157,"type":"conference","_id":"3228","citation":{"ama":"Pietrzak KZ. Compression from collisions or why CRHF combiners have a long output. In: Vol 5157. Springer; 2008:413-432. doi:10.1007/978-3-540-85174-5_23","ieee":"K. Z. Pietrzak, “Compression from collisions or why CRHF combiners have a long output,” presented at the CRYPTO: International Cryptology Conference, 2008, vol. 5157, pp. 413–432.","ista":"Pietrzak KZ. 2008. Compression from collisions or why CRHF combiners have a long output. CRYPTO: International Cryptology Conference, LNCS, vol. 5157, 413–432.","short":"K.Z. Pietrzak, in:, Springer, 2008, pp. 413–432.","mla":"Pietrzak, Krzysztof Z. Compression from Collisions or Why CRHF Combiners Have a Long Output. Vol. 5157, Springer, 2008, pp. 413–32, doi:10.1007/978-3-540-85174-5_23.","apa":"Pietrzak, K. Z. (2008). Compression from collisions or why CRHF combiners have a long output (Vol. 5157, pp. 413–432). Presented at the CRYPTO: International Cryptology Conference, Springer. https://doi.org/10.1007/978-3-540-85174-5_23","chicago":"Pietrzak, Krzysztof Z. “Compression from Collisions or Why CRHF Combiners Have a Long Output,” 5157:413–32. Springer, 2008. https://doi.org/10.1007/978-3-540-85174-5_23."},"publist_id":"3453","abstract":[{"text":"\nA black-box combiner for collision resistant hash functions (CRHF) is a construction which given black-box access to two hash functions is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al [Crypto'07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash-functions given a single collision for the combiner (Canetti et al [Crypto'07] building on Boneh and Boyen [Crypto'06] and Pietrzak [Eurocrypt'07]). Our proof uses a lemma similar to the elegant "reconstruction lemma" of Gennaro and Trevisan [FOCS'00], which states that any function which is not one-way is compressible (and thus uniformly random function must be one-way). In a similar vein we show that a function which is not collision resistant is compressible. We also borrow ideas from recent work by Haitner et al. [FOCS'07], who show that one can prove the reconstruction lemma even relative to some very powerful oracles (in our case this will be an exponential time collision-finding oracle). © 2008 Springer-Verlag Berlin Heidelberg.","lang":"eng"}],"author":[{"orcid":"0000-0002-9139-1654","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","full_name":"Krzysztof Pietrzak","last_name":"Pietrzak","first_name":"Krzysztof Z"}]}