applied cryptography - protocols, algorithms, and source code in c

The bidirectional mac value is simply the

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: , two modified Davies-Meyer functions work in tandem (see Figure 18.11). G0 = IG, where IG is some random initial value H0 = IH, where IH is some other random initial value Wi = EGi- 1, Mi(Hi- 1) Gi = Gi- 1 • EMi,Wi(Gi- 1) Hi = Wi • Hi- 1 The following scheme uses two modified Davies-Meyer functions side-by-side (see Figure 18.12). G0 = IG, where IG is some random initial value H0 = IH, where IH is some other random initial value Gi = Gi- 1 • EMi,Hi- 1(¬Gi- 1) Hi = Hi- 1 • EGi- 1,Mi(Hi- 1) In both schemes, the two 64-bit hash values Gi and Hi are concatenated to produce a single 128-bit hash. As far as anyone knows, these algorithms have ideal security for a 128-bit hash function: Finding a message that hashes to a given hash value requires 2128 attempts, and finding two random messages that hash to the same value requires 264 attempts—assuming that there is no better way to attack the block algorithm than by using brute force. MDC-2 and MDC-4 MDC-2 and MDC-4 were first developed at IBM [1081, 1079]. MDC-2, sometimes called Meyer-Schilling, is under consideration as an ANSI and ISO standard [61, 765]; a variant was proposed in [762]. MDC-4 is specified for the RIPE project [1305] (see Section 25.7). The specifications use DES as the block function, although in theory any encryption algorithm could be used. Figure 18.12 Abreast Davies-Meyer. Figure 18.13 MDC-2. MDC-2 has a hash rate of ½, and produces a hash value twice the length of the block size. It is shown in Figure 18.13. MDC-4 also produces a hash value twice the length of the block size, and has a hash rate of ¼ (see Figure 18.14). These schemes have been analyzed in [925, 1262]. They are secure against current computing power, but they are not nearly as secure as the designers have estimated. If the block algorithm is DES, they have been looked at with respect to differential cryptanalysis [1262]. Both MDC-2 and MDC-4 are patented [223]. AR Hash Function The AR hash function was developed by Algorithmic Research, Ltd. and has been distributed by the ISO for informati...
View Full Document

Ask a homework question - tutors are online