message. This known-plaintext attack is useful only in certain circumstances, but it is a major security problem.

A three-round encryption algorithm avoids this problem [992,1643,1644]. It uses three different hash functions: H1, H2, and H3. Further work shows that H1 can equal H2, or that H2 can equal H3, but not both [1193]. Also, H1, H2, and H3 cannot be based on iterating the same basic function [1643]. Anyway, assuming that H(k,x) behaves like a pseudorandom function, here is a three-round version:

(1) Divide the key into two halves: K1 and Kr.
(2) Divide the plaintext block into two halves: L0 and R0.
(3) Append K1 to L0 and hash it. XOR the result of the hash with R0 to produce R1:
    R1 = R0 ⊕ H(K1,L0)
(4) Append Kr to R1 and hash it. XOR the result of the hash with L0 to produce L1:
    L1 = L0 ⊕ H(Kr,R1)
(5) Append K1 to L1 and hash it. XOR the result of the hash with R1 to produce R2:
    R2 = R1 ⊕ H(K1,L1)
(6) Append L1 to R1 to generate the message.

Message Digest Cipher (MDC)
MDC, invented by Peter Gutmann [676], is a means of turning one-way hash functions into a block cipher that runs in CFB mode. The cipher runs almost as fast as the hash function and is at least as secure as the hash function. The rest of this section assumes you are familiar with Chapter 18.

Hash functions such as MD5 and SHA use a 512-bit text block to transform an input value (128 bits with MD5, and 160 bits with SHA) into an output value of equal size. This transformation is not reversible, but it is perfect for CFB mode: The same operation is used for both encryption and decryption.

Let’s look at MDC with SHA. MDC has a 160-bit block size and a 512-bit key. The hash function is run “sideways,” with the old hash state as the input plaintext block (160 bits) and the 512-bit hash input as a key (see Figure 14.5). Normally, when using the hash to simply hash some input, the 512-bit input to the hash is varied as each new 512-bit block is hashed. But in this case the 512-bit input becomes an unchanging key. MDC...
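
The three-round construction in steps (1) to (6) above, written out with its inverse as an added example (not code from the original text). It assumes SHA-256 as H, which fixes each half at 32 bytes, and it assumes the output block is L1 followed by R2 so that the result of step (5) is used. Decryption calls H only in the forward direction, which is why a non-invertible hash can serve as the round function.

```python
import hashlib

HALF = 32  # SHA-256 digest size: each half is 32 bytes, the block is 64 bytes

def H(key: bytes, x: bytes) -> bytes:
    # "Append K to x and hash it": hash of x || K. SHA-256 is an assumption.
    return hashlib.sha256(x + key).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def split_key(key: bytes):
    # Step (1): divide the key into two halves, K1 and Kr.
    if len(key) < 2 or len(key) % 2:
        raise ValueError("key length must be even and non-zero")
    return key[:len(key) // 2], key[len(key) // 2:]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 64 bytes")
    k1, kr = split_key(key)
    l0, r0 = block[:HALF], block[HALF:]   # step (2)
    r1 = xor(r0, H(k1, l0))               # step (3): R1 = R0 xor H(K1, L0)
    l1 = xor(l0, H(kr, r1))               # step (4): L1 = L0 xor H(Kr, R1)
    r2 = xor(r1, H(k1, l1))               # step (5): R2 = R1 xor H(K1, L1)
    return l1 + r2                        # assumed output: L1 || R2

def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Undo the rounds in reverse order; each XOR cancels itself.
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 64 bytes")
    k1, kr = split_key(key)
    l1, r2 = block[:HALF], block[HALF:]
    r1 = xor(r2, H(k1, l1))               # undo step (5)
    l0 = xor(l1, H(kr, r1))               # undo step (4)
    r0 = xor(r1, H(k1, l0))               # undo step (3)
    return l0 + r0

if __name__ == "__main__":
    key = bytes(range(32))                # constructed sample key
    pt = b"constructed sample plaintext".ljust(64, b".")
    ct = encrypt_block(key, pt)
    print(ct.hex())
    print(decrypt_block(key, ct))
```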
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.