[Cryptography] Creating a Parallelizeable Cryptographic Hash Function

Jason Resch jresch at cleversafe.com
Thu Oct 2 18:53:36 EDT 2014

Assuming there was a secure cryptographic function H() with an output of 
L bits, what attacks or weaknesses would exist in a protocol that did 
the following:

Digest = H(B_0 || C_0) ^ H(B_1 || C_1) ^ H(B_2 || C_2) ^ ... ^ H(B_N || 
C_N) ^ H(N)

Where B_0 through B_N are the blocks (of size L) constituting the 
message and C_0 through C_N are L-bit counters.

One problem seems to be that if any collision can be found for a given 
H(X || C_i) and H(Y || C_i), it leads to an essentially infinite number 
of collisions (any message that contains X as a block can have that 
block replaced with Y), but what other vulnerabilities does this 
construction have that would make it unsuitable as a general purpose 
cryptographic hash function?

Thanks for your expertise.


More information about the cryptography mailing list