Symmetric ciphers as hash functions
James Muir
jamuir at scs.carleton.ca
Mon Oct 31 11:43:45 EST 2005
Tom Shrimpton (http://www.cs.pdx.edu/~teshrim/) does research in this
area (ie. using block ciphers to build hash functions). See the papers
on his web site; in particular:
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions
from PGV [pdf] [ps]
John Black, Phillip Rogaway, and Thomas Shrimpton
-James
Arash Partow wrote:
> Hi all,
>
> How does one properly use a symmetric cipher as a cryptographic hash
> function? I seem to be going around in circles.
>
> Initially I thought you choose some known key and encrypt the data
> with the key, using either the encrypted text or the internal state of
> the cipher as the hash value, turns out all one needs to do to break
> it, is decrypt the hash value with the "known" key and you get a value
> which will produce the same hash value.
>
> Reversing the situation (using the data as the key and a known plain-
> text) makes a plaintext attack seem like a joy etc..
>
> Are there any papers/books/etc that explain the implementation/use of
> symmetric ciphers (particularly AES) as cryptographic hash functions?
>
> btw I know that hash functions and symmetric ciphers share the same
> structural heritage (feistel rounds etc...), I just don't seem to be
> making the usage link at this point in time... :D
>
> Any help would be very much appreciated.
>
>
>
> Kind regards
>
>
> Arash Partow
> ________________________________________________________
> Be one who knows what they don't know,
> Instead of being one who knows not what they don't know,
> Thinking they know everything about all things.
> http://www.partow.net
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list