[Cryptography] Hashes into Ciphers

Jerry Leichter leichter at lrw.com
Wed Sep 4 11:18:55 EDT 2013

This first publication of differential cryptanalysis was at CRYPTO'90.  I highly doubt Karn analyzed his construction relative to DC.  (His post certainly makes no mention of it.)

At first glance - I certainly haven't worked this through - it should be straightforward to construct a hash will all kinds of desirable *hash* properties that would, in Karn's construction, produce a cipher highly vulnerable to DC.  (That is:  This is not a safe *generic* construction, and I'm not sure exactly what requirements you'd have to put on the hash in order to be sure you got a DC-resistant cipher.)
                                                        -- Jerry

On Sep 4, 2013, at 10:49 AM, "Perry E. Metzger" <perry at piermont.com> wrote:

> On Wed, 4 Sep 2013 10:37:12 -0400 "Perry E. Metzger"
> <perry at piermont.com> wrote:
>> Phil Karn described a construction for turning any hash function
>> into the core of a Feistel cipher in 1991. So far as I can tell,
>> such ciphers are actually quite secure, though impractically slow.
>> Pointers to his original sci.crypt posting would be appreciated, I
>> wasn't able to find it with a quick search.
> Answering my own question
> https://groups.google.com/forum/#!original/sci.crypt/tTWR2qIII0s/iDvT3ptY5CEJ
> Note that Karn's construction need not use any particular hash
> function -- he's more or less simply describing how to use a hash
> function of any sort as the heart of a Feistel cipher.
> Perry
> -- 
> Perry E. Metzger		perry at piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list