抄録
We introduce the “split padding” into a current Merkle-Damgård hash function H. The patched hash function $\\bar{H}$ satisfies the following properties: (i) $\\bar{H}$ is second-preimage-resistant (SPR) if the underlying compression function h satisfies an “SPR-like” property, and (ii) $\\bar{H}$ is one-way (OW) if h satisfies an “OW-like” property. The assumptions we make about h are provided with simple definitions and clear relations to other security notions. In particular, they belong to the class whose existence is ensured by that of OW functions, revealing an evident separation from the strong collision-resistance (CR) requirement. Furthermore, we get the full benefit from the patch at almost no expense: The new scheme requires no change in the internals of a hash function, runs as efficiently as the original, and as usual inherits CR from h.
