[Cryptography] Name for a specific type of preimage resistance

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Dec 12 00:54:45 EST 2022


Stephan Neuhaus <stephan.neuhaus at zhaw.ch> writes:

>I don't know of any name (but I'm not a cryptographer). But why is that even
>an issue? Once you keep only hash(x) but not x, wouldn't ANY preimage do?

The specific problem here is "given hash( secret_value ), can you recover
secret_value from its hash"?  Preimage resistance is the more general "given
hash( x ), can you find anything at all that produces that hash"?

(Note that this is an abstract concept, not getting bogged down into specifics
of what form secret_value has, how it's encoded, whether the hash is being
used in a KDF or PRF or as an HMAC or whatever, additional complications
introduced by input width > hash output width, etc).

In the absence of any actual name, could I suggest "singular preimage
resistance"?

Peter.
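
The distinction drawn above, as an added example that is not part of the original post: a toy hash (SHA-256 truncated to 10 bits over 18-bit inputs, sizes assumed so that exhaustive search is instant) for which finding some preimage is trivial while the hash alone still does not identify secret_value. It uses the input width > output width case the post mentions; the function names and the sample secret are constructed for illustration.

```python
import hashlib

IN_BITS, OUT_BITS = 18, 10   # toy sizes (assumed) so exhaustive search is fast

def toy_hash(x: int) -> int:
    """SHA-256 of the 3-byte encoding of x, truncated to OUT_BITS bits."""
    digest = hashlib.sha256(x.to_bytes(3, "big")).digest()
    return int.from_bytes(digest[:2], "big") >> (16 - OUT_BITS)

def preimages(target: int) -> list[int]:
    """Every IN_BITS-wide input whose toy hash equals target."""
    return [x for x in range(1 << IN_BITS) if toy_hash(x) == target]

def wins_preimage_game(target: int, answer: int) -> bool:
    """Preimage resistance is broken by ANY input that hashes to target."""
    return toy_hash(answer) == target

def wins_recovery_game(secret: int, answer: int) -> bool:
    """The narrower property is broken only by the original secret_value."""
    return answer == secret

def analyse(secret: int) -> dict:
    target = toy_hash(secret)
    candidates = preimages(target)
    first = candidates[0]            # what a brute-force search returns first
    return {
        "candidates": len(candidates),
        "preimage_broken": wins_preimage_game(target, first),
        "secret_among_candidates": secret in candidates,
        # Assumes a uniform prior over secrets: the hash cannot rank the
        # candidates, so the best single guess succeeds with 1/len(candidates).
        "recovery_odds": 1 / len(candidates),
        "first_hit_is_secret": wins_recovery_game(secret, first),
    }

if __name__ == "__main__":
    SECRET = 0x2A5F1                 # constructed sample secret_value (18 bits)
    print(analyse(SECRET))
```

With a low-entropy secret_value the picture reverses: guessing the secret can succeed even against a full-width hash for which finding an arbitrary preimage is infeasible.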


