{"doi":"10.1007/978-3-540-85174-5_23","title":"Compression from collisions or why CRHF combiners have a long output","date_updated":"2021-01-12T07:41:57Z","conference":{"name":"CRYPTO: International Cryptology Conference"},"date_published":"2008-09-11T00:00:00Z","abstract":[{"text":"\nA black-box combiner for collision resistant hash functions (CRHF) is a construction which given black-box access to two hash functions is collision resistant if at least one of the components is collision resistant. In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al [Crypto'07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash-functions given a single collision for the combiner (Canetti et al [Crypto'07] building on Boneh and Boyen [Crypto'06] and Pietrzak [Eurocrypt'07]). Our proof uses a lemma similar to the elegant &quot;reconstruction lemma&quot; of Gennaro and Trevisan [FOCS'00], which states that any function which is not one-way is compressible (and thus uniformly random function must be one-way). In a similar vein we show that a function which is not collision resistant is compressible. We also borrow ideas from recent work by Haitner et al. [FOCS'07], who show that one can prove the reconstruction lemma even relative to some very powerful oracles (in our case this will be an exponential time collision-finding oracle). © 2008 Springer-Verlag Berlin Heidelberg.","lang":"eng"}],"date_created":"2018-12-11T12:02:08Z","page":"413 - 432","publist_id":"3453","publisher":"Springer","quality_controlled":0,"publication_status":"published","intvolume":"      5157","author":[{"orcid":"0000-0002-9139-1654","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","full_name":"Krzysztof Pietrzak","last_name":"Pietrzak"}],"month":"09","day":"11","citation":{"short":"K.Z. Pietrzak, in:, Springer, 2008, pp. 413–432.","ama":"Pietrzak KZ. Compression from collisions or why CRHF combiners have a long output. In: Vol 5157. Springer; 2008:413-432. doi:<a href=\"https://doi.org/10.1007/978-3-540-85174-5_23\">10.1007/978-3-540-85174-5_23</a>","mla":"Pietrzak, Krzysztof Z. <i>Compression from Collisions or Why CRHF Combiners Have a Long Output</i>. Vol. 5157, Springer, 2008, pp. 413–32, doi:<a href=\"https://doi.org/10.1007/978-3-540-85174-5_23\">10.1007/978-3-540-85174-5_23</a>.","ieee":"K. Z. Pietrzak, “Compression from collisions or why CRHF combiners have a long output,” presented at the CRYPTO: International Cryptology Conference, 2008, vol. 5157, pp. 413–432.","apa":"Pietrzak, K. Z. (2008). Compression from collisions or why CRHF combiners have a long output (Vol. 5157, pp. 413–432). Presented at the CRYPTO: International Cryptology Conference, Springer. <a href=\"https://doi.org/10.1007/978-3-540-85174-5_23\">https://doi.org/10.1007/978-3-540-85174-5_23</a>","ista":"Pietrzak KZ. 2008. Compression from collisions or why CRHF combiners have a long output. CRYPTO: International Cryptology Conference, LNCS, vol. 5157, 413–432.","chicago":"Pietrzak, Krzysztof Z. “Compression from Collisions or Why CRHF Combiners Have a Long Output,” 5157:413–32. Springer, 2008. <a href=\"https://doi.org/10.1007/978-3-540-85174-5_23\">https://doi.org/10.1007/978-3-540-85174-5_23</a>."},"type":"conference","alternative_title":["LNCS"],"_id":"3228","year":"2008","status":"public","volume":5157,"extern":1}