applied cryptography - protocols, algorithms, and source code in c

First encrypt a block with the first key then encrypt

This preview shows page 1. Sign up to view the full content.

This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: message. This known-plaintext attack is useful only in certain circumstances, but it is a major security problem. A three-round encryption algorithm avoids this problem [992,1643,1644]. It uses three different hash functions: H1, H2, and H3. Further work shows that H1 can equal H2, or that H2 can equal H3, but not both [1193]. Also, H1, H2, and H3 cannot be based on iterating the same basic function [1643]. Anyway, assuming that H(k,x) behaves like a pseudo-random function, here is a three-round version: (1) Divide the key into two halves: K1 and Kr. (2) Divide the plaintext block into two halves: L0 and R0. (3) Append K1 to L0 and hash it. XoR the result of the hash with R0 to produce R1: R1 = R0 • H(K1,L0) (4) Append Kr to R1 and hash it. XOR the result of the hash with L0 to produce L1: L1 = L0 • H(Kr,R1) (5) Append K1 to L1 and hash it. XOR the result of the hash with R1 to produce R2: R2 = R1 • H(K1,L1) (6) Append L1 to R1 to generate the message. Message Digest Cipher (MDC) MDC, invented by Peter Gutmann [676], is a means of turning one-way hash functions into a block cipher that runs in CFB mode. The cipher runs almost as fast as the hash function and is at least as secure as the hash function. The rest of this section assumes you are familiar with Chapter 18. Hash functions such as MD5 and SHA use a 512-bit text block to transform an input value (128 bits with MD5, and 160 bits with SHA) into an output value of equal size. This transformation is not reversible, but it is perfect for CFB mode: The same operation is used for both encryption and decryption. Let’s look at MDC with SHA. MDC has a 160-bit block size and a 512-bit key. The hash function is run “sideways,” with the old hash state as the input plaintext block (160 bits) and the 512-bit hash input as a key (see Figure 14.5). Normally, when using the hash to simply hash some input, the 512-bit input to the hash is varied as each new 512-bit block is hashed. But in this case the 512-bit input becomes an unchanging key. MDC...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online