[Cryptography] Uniform Data Fingerprint

Phillip Hallam-Baker phill at hallambaker.com
Wed May 27 17:28:08 EDT 2015


We use message digests as data fingerprints in lots of places. OpenPGP
is the most visible of course, but fingerprints are also used in BitCoin,
for software distribution and even in S/MIME.

The OpenPGP group was discussing approaches to a new fingerprint format
based on Base32 so that we can squeeze more bits out of the data on a
business card. So generalizing a bit, I came up with this:

https://tools.ietf.org/html/draft-hallambaker-udf-00


The basic function is

   Fingerprint = Version-ID + H ( Content-ID  + ':' + H(Data))

   Where

   H(x) is the cryptographic digest function
   Version-ID is the fingerprint version and algorithm identifier.
   Content-ID is the MIME Content-Type of the data.
   Data is the binary data


Putting the MIME content type in the scope of the digest means that if the
same data string has meaning in two different contexts, an attacker can't
perform a substitution attack. It also means that whoever is interpreting
the hash has to know the context in which the data is being used.

The fingerprint is base32 encoded and set in chunks of 5 characters for
easier reading/verification. The precision is always a multiple of 25 bits
using simple truncation:

100 bits - MB2GK-6DUF5-YGYYL-JNY5E

150 bits - MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J


The version/algorithm identifier also defines the algorithm used. The
predefined identifiers are 96 for SHA-2-512 and 144 for SHA-3-512. These
produce mnemonics for 'Merkle' and 'Spongeworthy'.


This might seem a little overdone, but the payoff is that say you have a
trust list as follows:

MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J

MV75J-C4OZQ-5GIN2-GQ7FQ-EEHFI-W3RGH

...

You can have a trust list embedded in a device and it can stand for
anything you need to be trusted. Could be the operating system executable,
could be a PKIX root cert, could be a PKIX CTL, could be a PGP key. We can
now direct all queries of the form 'is this anchor trustworthy' to this one
list regardless of context.

That is something simple enough that we can think about silicon
implementation someday.
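As an added illustration (my own code, not from the draft or the poster): a Python implementation of the fingerprint function described in the post. It assumes Version-ID is prepended as a single byte before base32 encoding, that Content-ID is ASCII-encoded, and that truncation is applied at the base32 character level; the sample data is constructed.

```python
import base64
import hashlib
import hmac

# Version-ID values named in the post: 96 -> SHA-2-512 (base32 leads with 'M'),
# 144 -> SHA-3-512 (leads with 'S'). Assumed to be a single prepended byte.
ALGORITHMS = {96: hashlib.sha512, 144: hashlib.sha3_512}

# First base32 character of each Version-ID byte, so a fingerprint identifies its algorithm.
VERSION_BY_LETTER = {base64.b32encode(bytes([v])).decode()[0]: v for v in ALGORITHMS}

# Constructed sample; stands in for a certificate, key or executable.
SAMPLE = b"-- constructed trust anchor bytes --"


def udf_fingerprint(data: bytes, content_type: str, version_id: int = 96, bits: int = 100) -> str:
    """Fingerprint = Version-ID + H(Content-ID + ':' + H(Data)), base32, cut to `bits`."""
    if bits % 25 != 0:
        raise ValueError("precision must be a multiple of 25 bits")
    h = ALGORITHMS[version_id]
    inner = h(data).digest()
    # Binding the MIME type into the outer hash gives the same bytes different
    # fingerprints in different contexts, which blocks cross-context substitution.
    outer = h(content_type.encode("ascii") + b":" + inner).digest()
    raw = bytes([version_id]) + outer
    b32 = base64.b32encode(raw).decode("ascii").rstrip("=")
    truncated = b32[: bits // 5]          # 5 bits per base32 character
    return "-".join(truncated[i:i + 5] for i in range(0, len(truncated), 5))


def udf_verify(fingerprint: str, data: bytes, content_type: str) -> bool:
    """Recompute at the fingerprint's own precision and compare in constant time."""
    chars = fingerprint.replace("-", "")
    bits = len(chars) * 5
    if bits % 25 != 0 or chars[:1] not in VERSION_BY_LETTER:
        return False
    expected = udf_fingerprint(data, content_type, VERSION_BY_LETTER[chars[0]], bits)
    return hmac.compare_digest(expected, fingerprint)


if __name__ == "__main__":
    for vid in ALGORITHMS:
        for bits in (100, 150):
            print(vid, bits, udf_fingerprint(SAMPLE, "application/pkix-cert", vid, bits))
```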