[Cryptography] Shamir Discrete Logarithm Hash Function (update)
Jacob Christian Munch-Andersen
nohat at nohatcoder.dk
Sat Jan 11 13:50:56 EST 2025
On Wed, Jan 8, 2025, at 6:59 PM, Ralf Senderek wrote:
> Some 22 years ago, I implemented a hash function [1] that was proposed by Adi Shamir ...
This is an amusing mathematical construction; it is not a practical hash function. "Secure if RSA is secure" is actually pretty bad for a hash function, given that RSA falls if quantum computers ever get anywhere, while regular hash functions should remain strong.
The implications of the person having made the seed being able to forge collisions are actually quite complicated; for starters, it allows some bait-and-switch scenarios. It can work for some use cases, but explaining the security constraints is way more difficult than for an ordinary hash, and it is guaranteed that a lot of people would get it wrong.
As for seeded vs. non-seeded, we already have both kinds of hashes; they are useful for different purposes, and I would very much like to be able to continue using the non-seeded ones for their use cases.
I'm certain that I could make the function run faster, but there is no point in improving it as nobody should use it.
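An added illustration of the two points argued above (my own example, not Ralf's implementation and not code from the thread): the construction as usually stated, H(m) = g^m mod n with n an RSA-style modulus, a collision that whoever knows the factors of n can produce at will, and the converse reduction showing why any collision found by an outsider lets them factor n. The primes, base and message are constructed toy values, far below secure sizes.

```python
from math import gcd
from typing import Optional

# Constructed toy parameters (NOT secure sizes): n = p*q is an RSA-style modulus.
P, Q = 1000003, 1000033  # small primes chosen for illustration only
N = P * Q
G = 3                    # base coprime to N; real use needs a large-order element


def sdlh(message: bytes, n: int = N, g: int = G) -> int:
    """Shamir's discrete-log hash: read the message as a big integer m, return g^m mod n."""
    m = int.from_bytes(message, "big")
    return pow(g, m, n)


def carmichael(p: int, q: int) -> int:
    """lambda(n) = lcm(p-1, q-1); for any g coprime to n, g^lambda == 1 (mod n)."""
    return (p - 1) * (q - 1) // gcd(p - 1, q - 1)


def forge_collision(message: bytes, p: int, q: int, k: int = 1) -> bytes:
    """What the seed's creator can do: knowing p and q, m + k*lambda(n) hashes identically."""
    m = int.from_bytes(message, "big") + k * carmichael(p, q)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def factor_from_collision(m1: int, m2: int, n: int) -> Optional[int]:
    """Why the hash is 'as strong as factoring': a collision gives e = |m1 - m2| with
    g^e == 1 (mod n). Writing e = 2^s * t and repeatedly squaring a^t for small bases a,
    the first nontrivial square root of 1 reveals a factor (Miller-Rabin style argument).
    Assumes e is a multiple of lambda(n), as it is for a seed-holder forgery."""
    e = abs(m1 - m2)
    s, t = 0, e
    while t % 2 == 0:
        s, t = s + 1, t // 2
    for a in range(2, 50):
        if gcd(a, n) != 1:
            return gcd(a, n)
        x = pow(a, t, n)
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1 and x not in (1, n - 1):
                return gcd(x - 1, n)  # nontrivial sqrt of 1 splits n
            x = y
    return None  # did not happen to hit a nontrivial root with these bases
```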