Darmstadt University of Technology
The researcher (Crypto 1993) assessed 64 possible ways to construct a compression function out of a block-cipher. They conjectured that 12 out of these 64 so-called PGV constructions achieve optimal security bounds for collision resistance and pre-image resistance. This was proven by researcher (Journal of Cryptology, 2010), if one assumes that the block-cipher is ideal. This result, however, does not apply to \"Non-ideal\" block-ciphers such as AES. To alleviate this problem, they revisit the PGV constructions in light of the recently proposed idea of random-oracle reducibility.