[Cryptography] Simple non-invertible function?
John Denker
jsd at av8n.com
Tue Sep 16 06:41:04 EDT 2014
On 09/15/2014 10:12 AM, Sandy Harris wrote:

> invertible if there has been a state compromise

That's a stronger property than mere non-invertibility.
SP800-90A calls that "backtrack resistance".
SP800-90A recommends schemes for achieving this.

Reference:
http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf

> I'd prefer to avoid
> the block cipher overhead if possible.

At least in the short term, I would recommend using one
of the block-cipher approaches. There are some remarkably
efficient block ciphers available, with well-established
security properties.

Later, if we decide the non-invertible function is the
rate-limiting step, and if somebody comes up with
something just as secure and more efficient, it can
be dropped in at any time, as a plug-in replacement.
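
The backtrack-resistance property named in the message above, as an added illustration that is not part of the original post and not taken from SP800-90A. It assumes HMAC-SHA256 from the Python standard library as the one-way function in place of a block cipher, is not a conforming DRBG, and all class and function names are hypothetical.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as the one-way building block (assumption, see lead-in)."""
    return hmac.new(key, label, hashlib.sha256).digest()

class CounterGen:
    """Invertible state update: fixed key, counter += 1."""
    def __init__(self, seed: bytes):
        self.key, self.ctr = prf(seed, b"key"), 0

    def next_block(self) -> bytes:
        out = prf(self.key, self.ctr.to_bytes(8, "big"))
        self.ctr += 1
        return out

class RatchetGen:
    """One-way state update: the old state is overwritten after each output."""
    def __init__(self, seed: bytes):
        self.state = prf(seed, b"key")

    def next_block(self) -> bytes:
        out = prf(self.state, b"out")
        self.state = prf(self.state, b"next")  # previous state is no longer held
        return out

def past_outputs_from_counter_state(key: bytes, ctr: int) -> list:
    """What a captured (key, ctr) snapshot reveals: every earlier output."""
    return [prf(key, i.to_bytes(8, "big")) for i in range(ctr)]

def outputs_from_ratchet_state(state: bytes, n: int) -> list:
    """A captured ratchet state only runs forward; going back means inverting HMAC."""
    g = RatchetGen.__new__(RatchetGen)
    g.state = state
    return [g.next_block() for _ in range(n)]

SEED = b"constructed sample seed, not a real secret"

def demo():
    c, r = CounterGen(SEED), RatchetGen(SEED)
    c_past = [c.next_block() for _ in range(3)]
    r_past = [r.next_block() for _ in range(3)]
    # State compromise is modelled here as a snapshot of what is in memory.
    c_leak = past_outputs_from_counter_state(c.key, c.ctr)
    r_leak = outputs_from_ratchet_state(r.state, 3)
    r_future = [r.next_block() for _ in range(3)]
    # (counter design exposes the past, ratchet exposes the future, ratchet exposes the past)
    return c_leak == c_past, r_leak == r_future, bool(set(r_leak) & set(r_past))
```

The ratchet still exposes future output after a compromise until it is reseeded; only output produced before the compromise is protected.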