The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (I V) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle-Damgard (MD) strengthening in the padding functionality of the hash functions. We propose a generic n-bit-iterated hash function framework based on an n-bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary I Vs and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n-bit-iterated hash function based on an n-bit compression function and with an n-bit chaining value that is proven indifferentiable from a RO.