This preview shows page 1. Sign up to view the full content.
Unformatted text preview: boratory, although a description was recently published in . A group of researchers at the University of Waterloo have proposed a one-way hash function based on iterated exponentiation in GF(2593) . In this scheme, a message is divided into 593-bit blocks; beginning with the first block, the blocks are successively exponentiated. Each exponent is the result of the computation with the previous block; the first exponent is given by an IV. Ivan Damgård designed a one-way hash function based on the knapsack problem (see Section 19.2) ; it can be broken in about 232 operations [290, 1232, 787]. Steve Wolfram’s cellular automata  have been proposed as a basis for one-way hash functions. An early implementation  is insecure [1052, 404]. Another one-way hash function, Cellhash [384,404], and an improved version, Subhash [384,402, 405], are based on cellular automata; both are designed for hardware. Boognish mixes the design principles of Cellhash with those of MD4 [402, 407]. StepRightUp can be implemented as a hash function as well . Claus Schnorr proposed a one-way hash function based on the discrete Fourier transform, called FFT-Hash, in the summer of 1991 ; it was broken a few months later by two independent groups [403, 84]. Schnorr proposed a revised version, called FFT-Hash II (the previous version was renamed FFT-Hash I) , which was broken a few weeks later . Schnorr has proposed further modifications [1402, 1403] but, as it stands, the algorithm is much slower than the others in this chapter. Another hash function, called SL2 , is insecure . Additional theoretical work on constructing one-way hash functions from one-way functions and one-way permutations can be found in [412, 1138, 1342]. 18.11 One-Way Hash Functions Using Symmetric Block Algorithms
It is possible to use a symmetric block cipher algorithm as a one-way hash function. The idea is that if the block algorithm is secure, then the one-way hash function will also be secure. The most obvious method is to encrypt the message with...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10