This preview shows page 1. Sign up to view the full content.
Unformatted text preview: : Protocols, Algorthms, and Source Code in C (cloth)
Go!
Keyword
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 This scheme appeared in a 1989 draft ISO standard [764], but was dropped in a later version [765]. Security problems with this scheme were identified in [1107, 925, 1262, 372]. (Actually, the version in the proceedings was strengthened after the version presented at the conference was attacked.) In some instances the birthday attack is solvable with a complexity of 239, not 264, through brute force. Do not use this scheme. LOKI DoubleBlock
This algorithm is a modification of QuisquaterGirault, specifically designed to work with LOKI [273]. All parameters are as in QuisquaterGirault. G0 = IG, where IG is a random initial value H0 = IH, where IH is another random initial value Wi = ELi • Gi 1 (Gi 1 • Ri) • Ri • Hi 1 Gi = ERi• Hi 1(Wi • Li) • Gi 1 • Hi 1 • Li Hi = Wi • Gi 1 Again, in some instances the birthday attack is trivially solvable [925, 926, 1262, 372, 736]. Do not use this scheme. Parallel DaviesMeyer
This is yet another attempt at an algorithm with a hash rate of 1 that produces a hash twice the block length [736]. G0 = IG, where IG is a random initial value H0 = IH, where IH is another random initial value Gi = ELi• Ri(Gi 1 • Li) • Li • Hi 1 Hi = ELi(Hi  1 • Ri) • Ri • Hi 1 Unfortunately, this scheme isn’t secure either [928, 861]. As it turns out, a doublelength hash function with a hash rate of 1 cannot be more secure than DaviesMeyer [861]. Tandem and Abreast DaviesMeyer
Another way around the inherent limitations of a block cipher with a 64bit key uses an algorithm, like IDEA (see Section 13.9), with a 64bit block and a 128bit key. These two schemes produce a 128bit hash value and have a hash rate of ½ [930, 925]. Figure 18.11 Tandem DaviesMeyer. In this first scheme...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details