[Cryptography] Hashes into Ciphers
Jerry Leichter
leichter at lrw.com
Wed Sep 4 11:18:55 EDT 2013
This first publication of differential cryptanalysis was at CRYPTO'90. I highly doubt Karn analyzed his construction relative to DC. (His post certainly makes no mention of it.)
At first glance - I certainly haven't worked this through - it should be straightforward to construct a hash will all kinds of desirable *hash* properties that would, in Karn's construction, produce a cipher highly vulnerable to DC. (That is: This is not a safe *generic* construction, and I'm not sure exactly what requirements you'd have to put on the hash in order to be sure you got a DC-resistant cipher.)
-- Jerry
On Sep 4, 2013, at 10:49 AM, "Perry E. Metzger" <perry at piermont.com> wrote:
> On Wed, 4 Sep 2013 10:37:12 -0400 "Perry E. Metzger"
> <perry at piermont.com> wrote:
>> Phil Karn described a construction for turning any hash function
>> into the core of a Feistel cipher in 1991. So far as I can tell,
>> such ciphers are actually quite secure, though impractically slow.
>>
>> Pointers to his original sci.crypt posting would be appreciated, I
>> wasn't able to find it with a quick search.
>
> Answering my own question
>
> https://groups.google.com/forum/#!original/sci.crypt/tTWR2qIII0s/iDvT3ptY5CEJ
>
> Note that Karn's construction need not use any particular hash
> function -- he's more or less simply describing how to use a hash
> function of any sort as the heart of a Feistel cipher.
>
> Perry
> --
> Perry E. Metzger perry at piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list