[Cryptography] Simple non-invertible function?

Sandy Harris sandyinchina at gmail.com
Tue Sep 16 11:05:14 EDT 2014


On Tue, Sep 16, 2014 at 6:41 AM, John Denker <jsd at av8n.com> wrote:

> On 09/15/2014 10:12 AM, Sandy Harris wrote:
>
>> invertible if there has been a state compromise
>
> That's a stronger property than mere non-invertibility.
> SP800-90A calls that "backtrack resistance".
>
> SP800-90A recommends schemes for achieving this.
>
> Reference:
>   http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf

Yes, but their key recommendation, page 33, is: "Backtracking
resistance can be provided by ensuring that the DRBG generate
algorithm is a one-way function."

Hence my question about simple functions with that property.

>> I'd prefer to avoid
>> the block cipher overhead if possible.
>
> At least in the short term, I would recommend using one
> of the block-cipher approaches.  There are some remarkably
> efficient block ciphers available, with well-established
> security properties.

I agree. That is the obvious way to do it and the Preneel
et al. papers have all the analysis it needs.

> Later, if we decide the non-invertible function is the
> rate-limiting step, and if somebody comes up with
> something just as secure and more efficient, it can
> be dropped in at any time, as a plug-in replacement.

It seems to me, though, that the question is worth some
exploration earlier.
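An added illustration of the backtrack-resistance point discussed in this thread (example code written here, not code from either poster or from SP800-90A): a toy generator whose state update is a bijection can be run backwards by anyone who captures its state, exposing every earlier output, while a generator whose generate step passes the state through a one-way function (here SHA-256, in a deliberately simplified shape loosely modelled on the standard's hash-based DRBG, not its exact algorithm) leaves an attacker able to predict future outputs but not to recover past ones. The constants, the "out"/"next" domain-separation tags and the toy 64-bit update are assumptions of this example.

```python
import hashlib

MASK64 = (1 << 64) - 1
MULT = 0x9E3779B97F4A7C15      # odd, so multiplication mod 2^64 is a bijection
XOR_CONST = 0xA5A5A5A5A5A5A5A5  # constructed constant, no special meaning
MULT_INV = pow(MULT, -1, 1 << 64)


def invertible_update(state: int) -> int:
    """Toy state transition: multiply by an odd constant, then XOR.
    Every step is a bijection on 64-bit values, so it can be undone."""
    return ((state * MULT) & MASK64) ^ XOR_CONST


def invert_update(state: int) -> int:
    """Exact inverse of invertible_update: undo the XOR, then multiply by
    the modular inverse of MULT."""
    return ((state ^ XOR_CONST) * MULT_INV) & MASK64


def run_invertible(seed: int, n: int):
    """Generate n outputs (high 32 bits of each state) from the toy generator.
    Returns (outputs, final_state) so a 'state compromise' can be simulated."""
    state = seed & MASK64
    outputs = []
    for _ in range(n):
        state = invertible_update(state)
        outputs.append(state >> 32)
    return outputs, state


def backtrack_invertible(compromised_state: int, n: int):
    """What an attacker holding the current state can do: step the
    transition backwards and reconstruct the last n outputs in order."""
    state = compromised_state
    recovered = []
    for _ in range(n):
        recovered.append(state >> 32)
        state = invert_update(state)
    recovered.reverse()
    return recovered


def run_oneway(seed: bytes, n: int):
    """Hash-based generate step: output and next state are both preimage-
    resistant functions of the current state, with domain separation so the
    output never reveals the state. Recovering V_{k-1} from V_k would need a
    SHA-256 preimage, which is what gives backtrack resistance."""
    v = hashlib.sha256(b"seed" + seed).digest()
    outputs = []
    for _ in range(n):
        outputs.append(hashlib.sha256(b"out" + v).digest())
        v = hashlib.sha256(b"next" + v).digest()
    return outputs, v


def predict_forward(compromised_state: bytes, n: int):
    """Still possible against the one-way generator: from a captured state
    an attacker can run it forward. Backtrack resistance does not remove
    the need for reseeding to recover from compromise."""
    return run_oneway_from_state(compromised_state, n)


def run_oneway_from_state(v: bytes, n: int):
    outputs = []
    for _ in range(n):
        outputs.append(hashlib.sha256(b"out" + v).digest())
        v = hashlib.sha256(b"next" + v).digest()
    return outputs, v


if __name__ == "__main__":
    outs, final = run_invertible(0x1234_5678_9ABC_DEF0, 6)
    print("toy outputs:       ", [hex(o) for o in outs])
    print("recovered from state", [hex(o) for o in backtrack_invertible(final, 6)])
    h_outs, h_final = run_oneway(b"constructed seed", 3)
    print("hash-DRBG-style outputs:", [o.hex()[:16] for o in h_outs])
    print("future outputs predictable from state:",
          [o.hex()[:16] for o in predict_forward(h_final, 2)[0]])
```

The check that matters is the one the toy generator fails: `backtrack_invertible` reproduces the full output history from a single captured state, whereas for the hash-based step the only thing a captured state yields is the future, which reseeding then cuts off.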

