[Cryptography] Creating a Parallelizeable Cryptographic Hash Function
leichter at lrw.com
Tue Oct 7 14:58:49 EDT 2014
On Oct 7, 2014, at 7:02 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> Actually, this is one of my favorite processes for producing good ideas. Continuing with this process, what's wrong with:
> Digest = H(1 || B1) * H(2 || B2) * ... * H(n || Bn) mod p
This falls immediately to a prefix attack: If I know Digest(M) and length(M) (assume for simplicity that length(M) is a multiple of the block size) then
Digest(M || B_{n+1}) = Digest(M) * H(n + 1 || B_{n+1}) mod p
- taking the remainder mod p twice produces the same result as doing it only once.
> I think I've shown this is secure based on the difficulty of the discrete log problem. If true, isn't this exactly what you say is unlikely to happen?
You've tossed around a powerful result without tying it to the security of what you wanted to secure!
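As an added illustration, not code from either poster, here is the quoted construction in Python with SHA-256 standing in for H, a fixed 127-bit prime as p and a 16-byte block size (all three are my assumptions), followed by the extension step the reply describes, so the property can be checked on a constructed message.

```python
import hashlib

# Constructed parameters, not taken from the thread: any prime p and any
# hash H exhibit the same algebra, since the digest is just a product mod p.
P = 2**127 - 1
BLOCK = 16


def h(index, block):
    """H(i || B_i): hash the block index and the block together, reduced mod p."""
    data = index.to_bytes(8, "big") + block
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P


def blocks(msg):
    """Split a message into fixed-size blocks; length must be a block multiple,
    matching the simplifying assumption in the reply."""
    if len(msg) % BLOCK != 0:
        raise ValueError("message length must be a multiple of the block size")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]


def digest(msg):
    """Digest = H(1 || B1) * H(2 || B2) * ... * H(n || Bn) mod p."""
    d = 1
    for i, b in enumerate(blocks(msg), start=1):
        d = d * h(i, b) % P
    return d


def extend_digest(known_digest, n_blocks, new_block):
    """Given only Digest(M) and the block count n of M, compute Digest(M || B_{n+1})
    without knowing M: the product structure means one more factor is all it takes."""
    return known_digest * h(n_blocks + 1, new_block) % P


if __name__ == "__main__":
    m = b"A" * 32          # constructed 2-block message
    extra = b"B" * BLOCK   # constructed appended block
    d = digest(m)
    forged = extend_digest(d, len(blocks(m)), extra)
    print("extension matches real digest:", forged == digest(m + extra))
```

The final comparison prints True, which is exactly why reducing mod p a second time changes nothing and why the construction is not a secure hash regardless of how hard discrete log is.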