[Cryptography] Creating a Parallelizeable Cryptographic Hash Function

Bill Cox waywardgeek at gmail.com
Tue Oct 7 07:02:56 EDT 2014

On Mon, Oct 6, 2014 at 11:53 PM, Ben Laurie <benl at google.com> wrote:

> On 6 October 2014 23:23, Bill Cox <waywardgeek at gmail.com> wrote:
> > On Sat, Oct 4, 2014 at 1:21 PM, Ben Laurie <benl at google.com> wrote:
> >>
> >> However, this is not a good way to go about designing crypto primitives.
> >>
> >
> > I disagree with this point.  This thread is an excellent way for people
> to
> > *avoid* mistakes like this hash function.  People should be *encouraged*
> to
> > post their latest dumb idea about hashing here, so it can be reviewed
> before
> > harming anyone.
> Sure thing, but that's not what I meant. What I meant was that
> starting with a dumb idea, then incrementally fixing things people
> point out is not likely to lead to something good.

Actually, this is one of my favorite processes for producing good ideas.
Continuing with this process, what's wrong with:

Digest = H(1 || B1) * H(2 || B2) * ... * H(n | Bn) mod p

I think I've shown this is secure based on the difficulty of the discrete
log problem.  If true, isn't this exactly what you say is unlikely to

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141007/a2cc9b56/attachment.html>

More information about the cryptography mailing list