[Cryptography] Creating a Parallelizeable Cryptographic Hash Function

Jason Resch jresch at cleversafe.com
Fri Oct 3 13:23:16 EDT 2014

On 10/02/2014 07:17 PM, David Leon Gil wrote:
> On Thu, Oct 2, 2014 at 6:53 PM, Jason Resch <jresch at cleversafe.com> wrote:
>> Assuming there was a secure cryptographic function H() with an output of L
>> bits, what attacks or weaknesses would exist in a protocol that did the
>> following:
> You're probably better off using a construction that has been designed
> to be a sound "tree hashing" mode. E.g., the Keccak team's Sakura tree
> hash coding: http://keccak.noekeon.org/Sakura.pdf

David, Sandy,

Thanks for these resources on tree hashing.

I was considering a case where a small changes between very large 
messages, M and M' could be computed efficiently to produce an updated 
hash value. I am correct that tree hashing doesn't support this without 
using a lot of extra memory to store the intermediate hash values?


More information about the cryptography mailing list