This preview shows page 1. Sign up to view the full content.
Unformatted text preview: on purposes only [767]. Its basic structure is a variant of the underlying block cipher (DES in the reference) in CBC mode. The last two ciphertext blocks and a constant are XORed to the current message block and encrypted by the algorithm. The hash is the last two ciphertext blocks computed. The message is processed twice, with two different keys, so the hash function has a hash rate of ½. The first key is 0x0000000000000000, the second key is 0x2a41522f4446502a, and c is 0x0123456789abcdef. The result is compressed to a single 128bit hash value. See [750] for the details. Hi = EK (Mi • Hi 1 • Hi 2 • c ) • Mi This sounds interesting, but it is insecure. After considerable preprocessing, it is possible to find collisions for this hash function easily [416]. Figure 18.14 MDC4. GOST Hash Function
This hash function comes from Russia, and is specified in the standard GOST R 34.1194 [657]. It uses the GOST block algorithm (see Section 14.1), although in theory it could use any block algorithm with a 64bit block size and a 256bit key. The function produces a 256bit hash value. The compression function, Hi = f(Mi,Hi1) (both operands are 256bit quantities) is defined as follows: (1) Generate four GOST encryption keys by some linear mixing of Mi, Hi  1, and some constants. (2) Use each key to encrypt a different 64 bits of Hi 1 in ECB mode. Store the resulting 256 bits into a temporary variable, S. (3) Hi is a complex, although linear, function of S, Mi, and Hi 1. The final hash of M is not the hash of the last block. There are actually three chaining variables: Hn is the hash of the last message block, Z is the sum mod 2256 of all the message blocks, and L is the length of the message. Given those variables and the padded last block, M', the final hash value is: H = f(Z • M', f(L, f(M’,Hn))) The documentation is a bit confusing (and in Russian), but I think all that is correct. In any case, this hash function is specified for use with the Russian Digital Signature Standard (see Section 20.3). Previous Table of Contents Next Products  Contact Us...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details