TY - JOUR
AU - Lefevre, Charlotte
PY - 2023/03/10
Y2 - 2023/03/28
TI - Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks
JF - IACR Transactions on Symmetric Cryptology
JA - ToSC
VL - 2023
IS - 1
SE - Articles
DO - 10.46586/tosc.v2023.i1.224-243
UR - https://tosc.iacr.org/index.php/ToSC/article/view/10313
SP - 224-243
AB - The sponge construction is a popular method for hashing. Quickly after its introduction, the sponge was proven to be tightly indifferentiable from a random oracle up to ≈ 2^(c/2) queries, where c is the capacity. However, this bound is not tight when the number of message blocks absorbed is restricted to ℓ < ⌈ c / 2(b−c) ⌉ + 1 (but still an arbitrary number of blocks can be squeezed). In this work, we show that this restriction leads to indifferentiability from a random oracle up to ≈ min { 2^(b/2), max { 2^(c/2), 2^(b−ℓ×(b−c)) }} queries, where b > c is the permutation size. Depending on the parameters chosen, this result allows to have enhanced security or to absorb at a larger rate for applications that require a fixed-length input hash function.
ER -