[Cryptography] Simple non-invertible function?

John Denker jsd at av8n.com
Tue Sep 16 06:41:04 EDT 2014


On 09/15/2014 10:12 AM, Sandy Harris wrote:

> invertible if there has been a state compromise

That's a stronger property than mere non-invertibility.
SP800-90A calls that "backtrack resistance".

SP800-90A recommends schemes for achieving this.

Reference:
  http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf


> I'd prefer to avoid
> the block cipher overhead if possible.

At least in the short term, I would recommend using one 
of the block-cipher approaches.  There are some remarkably
efficient block ciphers available, with well-established
security properties.

Later, if we decide the non-invertible function is the
rate-limiting step, and if somebody comes up with 
something just as secure and more efficient, it can 
be dropped in at any time, as a plug-in replacement.
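
The following example is added here; it is not part of the original message and is not one of the SP800-90A mechanisms. It contrasts a generator whose state update is reversible with one that replaces its key through a one-way step after every output, which is the "backtrack resistance" property named above. HMAC-SHA256 stands in for the block cipher because the Python standard library has none, and all class and function names are hypothetical.

```python
import hashlib
import hmac


def prf(key: bytes, msg: bytes) -> bytes:
    """Keyed one-way function (HMAC-SHA256 used as a stand-in, an assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class CounterGen:
    """Output = PRF(key, counter). Outputs are non-invertible, but the state
    update (counter + 1) is reversible, so a captured state exposes history."""

    def __init__(self, seed: bytes):
        self.key, self.ctr = seed, 0

    def generate(self) -> bytes:
        out = prf(self.key, self.ctr.to_bytes(8, "big"))
        self.ctr += 1
        return out


class RatchetGen:
    """After each output the key is overwritten by a one-way function of
    itself, so the current state does not determine any earlier key."""

    def __init__(self, seed: bytes):
        self.key = seed

    def generate(self) -> bytes:
        out = prf(self.key, b"output")
        self.key = prf(self.key, b"update")  # previous key is discarded
        return out


def history_from_state(key: bytes, ctr: int) -> list:
    """What a captured CounterGen state (key, ctr) lets its holder recompute."""
    return [prf(key, i.to_bytes(8, "big")) for i in range(ctr)]


def demo():
    seed = bytes(range(32))  # constructed sample seed, not a real key
    weak, strong = CounterGen(seed), RatchetGen(seed)
    weak_hist = [weak.generate() for _ in range(3)]
    strong_hist = [strong.generate() for _ in range(3)]
    # State compromise happens here, after three outputs from each generator.
    weak_exposed = history_from_state(weak.key, weak.ctr) == weak_hist
    # The ratchet's captured key yields only the next output, not a past one.
    strong_exposed = prf(strong.key, b"output") in strong_hist
    return weak_exposed, strong_exposed
```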


