..., two modified Davies-Meyer functions work in tandem (see Figure 18.11).

$G_0 = I_G$, where $I_G$ is some random initial value
$H_0 = I_H$, where $I_H$ is some other random initial value
$W_i = E_{G_{i-1}, M_i}(H_{i-1})$
$G_i = G_{i-1} \oplus E_{M_i, W_i}(G_{i-1})$
$H_i = W_i \oplus H_{i-1}$

The following scheme uses two modified Davies-Meyer functions side-by-side (see Figure 18.12).

$G_0 = I_G$, where $I_G$ is some random initial value
$H_0 = I_H$, where $I_H$ is some other random initial value
$G_i = G_{i-1} \oplus E_{M_i, H_{i-1}}(\neg G_{i-1})$
$H_i = H_{i-1} \oplus E_{G_{i-1}, M_i}(H_{i-1})$

In both schemes, the two 64-bit hash values $G_i$ and $H_i$ are concatenated to produce a single 128-bit hash.

As far as anyone knows, these algorithms have ideal security for a 128-bit hash function: Finding a message that hashes to a given hash value requires $2^{128}$ attempts, and finding two random messages that hash to the same value requires $2^{64}$ attempts—assuming that there is no better way to attack the block algorithm than by using brute force.

MDC-2 and MDC-4
MDC-2 and MDC-4 were first developed at IBM [1081, 1079]. MDC-2, sometimes called Meyer-Schilling, is under consideration as an ANSI and ISO standard [61, 765]; a variant was proposed in [762]. MDC-4 is specified for the RIPE project [1305] (see Section 25.7). The specifications use DES as the block function, although in theory any encryption algorithm could be used.

Figure 18.12 Abreast Davies-Meyer.

Figure 18.13 MDC-2.

MDC-2 has a hash rate of ½, and produces a hash value twice the length of the block size. It is shown in Figure 18.13. MDC-4 also produces a hash value twice the length of the block size, and has a hash rate of ¼ (see Figure 18.14).

These schemes have been analyzed in [925, 1262]. They are secure against current computing power, but they are not nearly as secure as the designers have estimated. If the block algorithm is DES, they have been looked at with respect to differential cryptanalysis [1262].

Both MDC-2 and MDC-4 are patented [223].

AR Hash Function
The AR hash function was developed by Algorithmic Research, Ltd. and has been distributed by the ISO for informati...
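
The tandem and abreast Davies-Meyer recurrences given earlier on this page, written out as an added example (not code from the original text). The text names no block cipher for these two schemes, so XTEA (64-bit block, 128-bit key) stands in for E; the key-half concatenation order, the padding rule and the fixed IG/IH sample values are likewise assumptions.

```python
import struct

MASK32 = 0xFFFFFFFF
BLOCK = 8  # n = 64-bit block; the cipher key is 2n = 128 bits
IG = bytes.fromhex("0123456789abcdef")  # constructed sample initial value
IH = bytes.fromhex("fedcba9876543210")  # constructed sample initial value

def E(key: bytes, block: bytes) -> bytes:
    """XTEA, 32 cycles, big-endian words (stand-in cipher, an assumption)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
        s = (s + 0x9E3779B9) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(msg: bytes) -> list:
    """Split into 64-bit blocks M_i; pad with 0x80, zeros, 64-bit bit length (assumption)."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK) + struct.pack(">Q", 8 * len(msg))
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]

def tandem_dm(msg: bytes, ig: bytes, ih: bytes) -> bytes:
    G, H = ig, ih
    for M in blocks(msg):
        W = E(G + M, H)                          # W_i = E_{G_{i-1},M_i}(H_{i-1})
        # G_i = G_{i-1} xor E_{M_i,W_i}(G_{i-1});  H_i = W_i xor H_{i-1}
        G, H = xor(G, E(M + W, G)), xor(W, H)
    return G + H                                 # 128-bit hash: G_i || H_i

def abreast_dm(msg: bytes, ig: bytes, ih: bytes) -> bytes:
    G, H = ig, ih
    for M in blocks(msg):
        not_g = bytes(b ^ 0xFF for b in G)       # bitwise complement of G_{i-1}
        # G_i = G_{i-1} xor E_{M_i,H_{i-1}}(not G_{i-1});  H_i = H_{i-1} xor E_{G_{i-1},M_i}(H_{i-1})
        G, H = xor(G, E(M + H, not_g)), xor(H, E(G + M, H))
    return G + H

if __name__ == "__main__":
    for name, f in (("tandem", tandem_dm), ("abreast", abreast_dm)):
        print(name, f(b"abc", IG, IH).hex())
```

Both cipher calls in a step read the previous G and H; the tuple assignment keeps that ordering, which matters because each half feeds the other's key.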