applied cryptography - protocols, algorithms, and source code in c

The cbc method is specified in ansi x99 54 ansi x919

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: : Protocols, Algorthms, and Source Code in C (cloth) Go! Keyword Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book: Go! Previous Table of Contents Next ----------- This scheme appeared in a 1989 draft ISO standard [764], but was dropped in a later version [765]. Security problems with this scheme were identified in [1107, 925, 1262, 372]. (Actually, the version in the proceedings was strengthened after the version presented at the conference was attacked.) In some instances the birthday attack is solvable with a complexity of 239, not 264, through brute force. Do not use this scheme. LOKI Double-Block This algorithm is a modification of Quisquater-Girault, specifically designed to work with LOKI [273]. All parameters are as in Quisquater-Girault. G0 = IG, where IG is a random initial value H0 = IH, where IH is another random initial value Wi = ELi • Gi- 1 (Gi- 1 • Ri) • Ri • Hi- 1 Gi = ERi• Hi- 1(Wi • Li) • Gi- 1 • Hi- 1 • Li Hi = Wi • Gi- 1 Again, in some instances the birthday attack is trivially solvable [925, 926, 1262, 372, 736]. Do not use this scheme. Parallel Davies-Meyer This is yet another attempt at an algorithm with a hash rate of 1 that produces a hash twice the block length [736]. G0 = IG, where IG is a random initial value H0 = IH, where IH is another random initial value Gi = ELi• Ri(Gi- 1 • Li) • Li • Hi- 1 Hi = ELi(Hi - 1 • Ri) • Ri • Hi- 1 Unfortunately, this scheme isn’t secure either [928, 861]. As it turns out, a double-length hash function with a hash rate of 1 cannot be more secure than Davies-Meyer [861]. Tandem and Abreast Davies-Meyer Another way around the inherent limitations of a block cipher with a 64-bit key uses an algorithm, like IDEA (see Section 13.9), with a 64-bit block and a 128-bit key. These two schemes produce a 128-bit hash value and have a hash rate of ½ [930, 925]. Figure 18.11 Tandem Davies-Meyer. In this first scheme...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online