[Cryptography] Name for a specific type of preimage resistance
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Dec 8 07:35:17 EST 2022
The lesser-known required property for a hash function alongside collision
resistance is preimage resistance, and in fact for a lot of hash function use
in security protocols, in particular their near-universal use in PRFs and KDFs
and similar, what's essential is preimage resistance rather than collision
resistance. However, in this case an attacker needs to perform something far
stronger than a generic preimage attack in which they determine any valid
preimage, they need to recover the exact preimage that contains the secret
value or password or key that's being hashed or MACed or PRFed.
Is there a name for this special-case preimage attack, find the one preimage
that contains the secret value, to distinguish it from a generic preimage
attack, find any preimage?
Peter.
More information about the cryptography
mailing list