Symmetric ciphers as hash functions

James Muir jamuir at scs.carleton.ca
Mon Oct 31 11:43:45 EST 2005


Tom Shrimpton (http://www.cs.pdx.edu/~teshrim/) does research in this 
area (ie. using block ciphers to build hash functions).  See the papers 
on his web site; in particular:

Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions 
from PGV [pdf] [ps]
John Black, Phillip Rogaway, and Thomas Shrimpton

-James

Arash Partow wrote:
> Hi all,
> 
> How does one properly use a symmetric cipher as a cryptographic hash
> function? I seem to be going around in circles.
> 
> Initially I thought you choose some known key and encrypt the data
> with the key, using either the encrypted text or the internal state of
> the cipher as the hash value, turns out all one needs to do to break
> it, is decrypt the hash value with the "known" key and you get a value
> which will produce the same hash value.
> 
> Reversing the situation (using the data as the key and a known plain-
> text) makes a plaintext attack seem like a joy etc..
> 
> Are there any papers/books/etc that explain the implementation/use of
> symmetric ciphers (particularly AES) as cryptographic hash functions?
> 
> btw I know that hash functions and symmetric ciphers share the same
> structural heritage (feistel rounds etc...), I just don't seem to be
> making the usage link at this point in time... :D
> 
> Any help would be very much appreciated.
> 
> 
> 
> Kind regards
> 
> 
> Arash Partow
> ________________________________________________________
> Be one who knows what they don't know,
> Instead of being one who knows not what they don't know,
> Thinking they know everything about all things.
> http://www.partow.net
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list