[Cryptography] Amongst the requirements for digests...

Phillip Hallam-Baker phill at hallambaker.com
Thu Dec 27 11:30:43 EST 2018


I was just looking through some articles on cryptographic digests setting
out the criteria for acceptance and it occurs to me that as specified they
are necessary but not sufficient.

*Pre-image resistance*
Given a hash value *h* it should be difficult to find
any message *m* such that *h* = hash(*m*).
That is necessary but I would want h to effectively disclose no useful
information whatsoever about m. Not the number of bits, not the parity,
nothing.

So I have been designing deranged hash functions that have the correct work
factor but are wrong, wrongety wrong.

So SHA2-Yuk is defined as

H(x) = (SHA2(x OR 1) OR 1) XOR (x AND 1)

Where the boolean operators only act on the last bit in the input.

The intent here is to ensure that the hash values of adjacent inputs are
paired such that H(x) XOR H(x XOR 1) = 1.

This would obviously be a highly undesirable property in a digest but it is
not excluded by our traditional definition of second preimage resistance.
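
The SHA2-Yuk construction above as runnable code. This is an added example, not part of the original post. It assumes SHA-256 for "SHA2" and takes "the last bit" to mean the least significant bit of the final byte of the input and of the digest; the function names are made up for the illustration.

```python
import hashlib
import os


def _set_last_bit(data: bytes) -> bytes:
    """x OR 1, acting only on the last bit of the input."""
    return data[:-1] + bytes([data[-1] | 1])


def flip_last_bit(data: bytes) -> bytes:
    """x XOR 1, acting only on the last bit."""
    return data[:-1] + bytes([data[-1] ^ 1])


def sha2_yuk(msg: bytes) -> bytes:
    """H(x) = (SHA2(x OR 1) OR 1) XOR (x AND 1), per the post.

    Assumption: SHA2 is SHA-256 and the input is a non-empty byte string.
    """
    if not msg:
        raise ValueError("the construction needs at least one input bit")
    b = msg[-1] & 1                                   # x AND 1
    d = hashlib.sha256(_set_last_bit(msg)).digest()   # SHA2(x OR 1)
    last = (d[-1] | 1) ^ b                            # (... OR 1) XOR (x AND 1)
    return d[:-1] + bytes([last])


def pairing_holds(msg: bytes) -> bool:
    """Check H(x) XOR H(x XOR 1) == 1 for this message."""
    h0, h1 = sha2_yuk(msg), sha2_yuk(flip_last_bit(msg))
    diff = bytes(p ^ q for p, q in zip(h0, h1))
    return int.from_bytes(diff, "big") == 1


def leaked_bit(digest: bytes) -> int:
    """Recover the last bit of the message from the digest alone."""
    return (digest[-1] & 1) ^ 1


if __name__ == "__main__":
    # Constructed sample inputs; the random one shows the property is general.
    for m in (b"constructed sample A", b"constructed sample B", os.urandom(32)):
        h = sha2_yuk(m)
        print(h.hex(), "pairing:", pairing_holds(m),
              "msg bit:", m[-1] & 1, "recovered:", leaked_bit(h))
```

The pair x and x XOR 1 never collides (the digests differ in exactly one bit), so no second preimage is produced, yet every digest discloses the last bit of its input.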