The hash of the entire message is the hash of the last block. The preimage should contain some kind of binary representation of the length of the entire message. This technique overcomes a potential security problem resulting from messages with different lengths possibly hashing to the same value [1069, 414]. This technique is sometimes called MD-strengthening [930].

Various researchers have theorized that if the compression function is secure, then this method of hashing an arbitrary-length preimage is also secure—but nothing has been proved [1138, 1070, 414].

A lot has been written on the design of one-way hash functions. For more mathematical information, consult [1028, 793, 791, 1138, 1069, 414, 91, 858, 1264]. Bart Preneel’s thesis [1262] is probably the most comprehensive treatment of one-way hash functions.

Figure 18.1 One-way function.

18.2 Snefru

Snefru is a one-way hash function designed by Ralph Merkle [1070]. (Snefru, like Khufu and Khafre, was an Egyptian pharaoh.) Snefru hashes arbitrary-length messages into either 128-bit or 256-bit values.

First the message is broken into chunks, each 512 - m in length. (The variable m is the length of the hash value.) If the output is a 128-bit hash value, then the chunks are each 384 bits long; if the output is a 256-bit hash value, then the chunks are each 256 bits long.

The heart of the algorithm is function H, which hashes a 512-bit value into an m-bit value. The first m bits of H’s output are the hash of the block; the rest are discarded. The next block is appended to the hash of the previous block and hashed again. (The initial block is appended to a string of zeros.) After the last block (if the message isn’t an integer number of blocks long, zeros are used to pad the last block), the first m bits are appended to a binary representation of the length of the message and hashed one final time.

Function H is based on E, which is a reversible block-cipher function that operates on 512-bit blocks. H is the last m bits of the output of E XORed with the first m bits of the input of E.

The security of Snefru resides in function E, which randomizes data in several passes. Each pass is composed of 64 randomizing rounds. In each round a different byte of the data is used as an input to an S-box; the output word of the S-box is XORed with two neighboring words of the message. The S-boxes are constructed in a manner simil...
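
The chaining and length-strengthening steps described above, as an added Python example that is not part of the original text. `toy_E` is a stand-in reversible mixer, not Snefru's E (its S-boxes are not given here); the field order in each 512-bit block and the big-endian length encoding are assumptions.

```python
import struct

MASK = 0xFFFFFFFF

def toy_E(block: bytes) -> bytes:
    """Stand-in reversible 512-bit mixer (assumption, NOT Snefru's E)."""
    w = list(struct.unpack(">16I", block))
    for r in range(8 * 16):                      # 8 toy passes over 16 words
        i = r % 16
        x = (w[i] * 0x9E3779B1 + r) & MASK       # toy replacement for the S-box
        x ^= x >> 15
        # XOR into the two neighbouring words; w[i] itself is untouched,
        # so every step can be undone and the whole mixer is a permutation.
        w[(i + 1) % 16] ^= x
        w[(i - 1) % 16] ^= ((x << 7) | (x >> 25)) & MASK
    return struct.pack(">16I", *w)

def H(block: bytes, m: int) -> bytes:
    """Last m bytes of E's output XORed with the first m bytes of E's input."""
    out = toy_E(block)
    return bytes(a ^ b for a, b in zip(out[-m:], block[:m]))

def snefru_style_hash(msg: bytes, m_bits: int = 128, strengthen: bool = True) -> bytes:
    m = m_bits // 8              # hash length in bytes
    chunk = 64 - m               # 512 - m bits of message per block
    h = bytes(m)                 # the initial block is chained to a string of zeros
    for off in range(0, len(msg), chunk):
        piece = msg[off:off + chunk].ljust(chunk, b"\0")   # zero-pad the last block
        h = H(h + piece, m)      # previous hash followed by the next chunk
    if strengthen:
        # MD-strengthening: one final block carrying the message length in bits
        h = H(h + (8 * len(msg)).to_bytes(chunk, "big"), m)
    return h

if __name__ == "__main__":
    a, b = b"abc", b"abc\0"      # constructed inputs: same bytes after zero padding
    print("no length block:  ", snefru_style_hash(a, strengthen=False).hex(),
          snefru_style_hash(b, strengthen=False).hex())
    print("with length block:", snefru_style_hash(a).hex(), snefru_style_hash(b).hex())
```

Without the final length block, the two constructed messages collide because zero padding makes their only block identical; with it, the differing bit lengths separate them.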
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
