Revisiting Collision and Local Opening Analysis of ABR Hash

Authors Chandranan Dhar, Yevgeniy Dodis, Mridul Nandi

Thumbnail PDF


  • Filesize: 0.82 MB
  • 22 pages

Document Identifiers

Author Details

Chandranan Dhar
  • Indian Statistical Institute, Kolkata, India
Yevgeniy Dodis
  • New York University, NY, USA
Mridul Nandi
  • Indian Statistical Institute, Kolkata, India

Cite AsGet BibTex

Chandranan Dhar, Yevgeniy Dodis, and Mridul Nandi. Revisiting Collision and Local Opening Analysis of ABR Hash. In 3rd Conference on Information-Theoretic Cryptography (ITC 2022). Leibniz International Proceedings in Informatics (LIPIcs), Volume 230, pp. 11:1-11:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)


The question of building the most efficient tn-to-n-bit collision-resistant hash function H from a smaller (say, 2n-to-n-bit) compression function f is one of the fundamental questions in symmetric key cryptography. This question has a rich history, and was open for general t, until a recent breakthrough paper by Andreeva, Bhattacharyya and Roy at Eurocrypt'21, who designed an elegant mode (which we call ABR) achieving roughly 2t/3 calls to f, which matches the famous Stam’s bound from CRYPTO'08. Unfortunately, we have found serious issues in the claims made by the authors. These issues appear quite significant, and range from verifiably false statements to noticeable gaps in the proofs (e.g., omissions of important cases and unjustified bounds). We were unable to patch up the current proof provided by the authors. Instead, we prove from scratch the security of the ABR construction for the first non-trivial case t = 11 (ABR mode of height 3), which was incorrectly handled by the authors. In particular, our result matches Stam’s bound for t = 11. While the general case is still open, we hope our techniques will prove useful to finally settle the question of the optimal efficiency of hash functions.

Subject Classification

ACM Subject Classification
  • Security and privacy → Cryptography
  • ABR hash
  • collision resistance
  • local opening


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Elena Andreeva, Rishiraj Bhattacharyya, and Arnab Roy. Compactness of hashing modes and efficiency beyond merkle tree. In Advances in Cryptology - EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17-21, 2021, Proceedings, Part II, pages 92-123. Springer, 2021. Google Scholar
  2. John Black, Martin Cochran, and Thomas Shrimpton. On the impossibility of highly-efficient blockcipher-based hash functions. In EUROCRYPT, volume 3494 of Lecture Notes in Computer Science, pages 526-541. Springer, 2005. Google Scholar
  3. Ivan Damgård. A design principle for hash functions. In CRYPTO, volume 435 of Lecture Notes in Computer Science, pages 416-427. Springer, 1989. Google Scholar
  4. Yevgeniy Dodis, Dmitry Khovratovich, Nicky Mouha, and Mridul Nandi. T5: Hashing five inputs with three compression calls. In 2nd Conference on Information-Theoretic Cryptography, ITC 2021, July 23-26, 2021, Virtual Conference, pages 24:1-24:23. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2021. Google Scholar
  5. Bart Mennink and Bart Preneel. Efficient parallelizable hashing using small non-compressing primitives. Int. J. Inf. Sec., 15(3):285-300, 2016. Google Scholar
  6. Ralph C. Merkle. Protocols for public key cryptosystems. In IEEE Symposium on Security and Privacy, pages 122-134. IEEE Computer Society, 1980. Google Scholar
  7. Ralph C. Merkle. One way hash functions and DES. In CRYPTO, volume 435 of Lecture Notes in Computer Science, pages 428-446. Springer, 1989. Google Scholar
  8. Phillip Rogaway and John P. Steinberger. Constructing cryptographic hash functions from fixed-key blockciphers. In CRYPTO, volume 5157 of Lecture Notes in Computer Science, pages 433-450. Springer, 2008. Google Scholar
  9. Phillip Rogaway and John P. Steinberger. Security/efficiency tradeoffs for permutation-based hashing. In EUROCRYPT, volume 4965 of Lecture Notes in Computer Science, pages 220-236. Springer, 2008. Google Scholar
  10. Thomas Shrimpton and Martijn Stam. Building a collision-resistant compression function from non-compressing primitives. In ICALP (2), volume 5126 of Lecture Notes in Computer Science, pages 643-654. Springer, 2008. Google Scholar
  11. Martijn Stam. Beyond uniformity: Better security/efficiency tradeoffs for compression functions. In Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008. Proceedings, pages 397-412. Springer, 2008. Google Scholar
  12. John P. Steinberger. Stam’s collision resistance conjecture. In EUROCRYPT, volume 6110 of Lecture Notes in Computer Science, pages 597-615. Springer, 2010. Google Scholar
  13. John P. Steinberger, Xiaoming Sun, and Zhe Yang. Stam’s conjecture and threshold phenomena in collision resistance. In CRYPTO, volume 7417 of Lecture Notes in Computer Science, pages 384-405. Springer, 2012. Google Scholar
  14. David A. Wagner. A generalized birthday problem. In CRYPTO, volume 2442 of Lecture Notes in Computer Science, pages 288-303. Springer, 2002. Google Scholar