
Re: [Cfrg] Re: AES-based hash function



On Fri, Sep 03, 2004 at 07:12:04AM +1000, Greg Rose wrote:
> 
> I second Shai. In fact, look at the structure of the things that were all 
> just broken... they *are* block ciphers, used in Merkle-Damgard mode. The 
> data is used as the key, the chaining variables are the block, and the data 
> expansion phase is just a key-scheduling operation. The only way they 
> differ from things like AES is that more emphasis was placed on fast key 
> scheduling, since it changes for every block.

If you look at it from the perspective of SHA-1 using a block cipher
internally, the block cipher internal to SHA-1 is actually used in the
exact same mode that MDC-2 uses as its building block
(Matyas-Meyer-Oseas).  Doesn't this imply that, if this is the
paradigm even for traditional OWHFs, we should focus on trying to
make block ciphers suitable replacements for ideal ciphers?  And isn't
AES much farther down that path than the internals of anything based
off MD4?

John
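The two block-cipher-to-hash wirings discussed in this exchange (Greg's "data as key, chaining variable as block" and John's Matyas-Meyer-Oseas reference), as an added illustration that is not part of the thread: a Merkle-Damgard iteration driven by either a Davies-Meyer or a Matyas-Meyer-Oseas compression function. The 64-bit `toy_cipher` is a constructed Feistel placeholder so the file runs offline; it stands in for AES or the SHA-1 internal cipher and has no security value. `IV` and all other constants are likewise constructed for the example.

```python
"""Merkle-Damgard hashing built from a block cipher, in two single-length modes.

Added illustration only, not code from the Cfrg thread. 'toy_cipher' is a
constructed, insecure 64-bit Feistel cipher used purely so the wiring can be
run offline; in practice it would be AES (16-byte block) or the cipher that
sits inside a dedicated hash such as SHA-1.
"""
import struct

BLOCK_BYTES = 8          # toy cipher block size (AES would be 16)
KEY_BYTES = 8            # toy cipher key size, chosen equal to the block size
ROUNDS = 16
MASK32 = 0xFFFFFFFF


def _f(half: int, subkey: int) -> int:
    """Toy round function (add, rotate, multiply); constructed, not a real design."""
    x = (half + subkey) & MASK32
    x ^= ((x << 7) | (x >> 25)) & MASK32
    return (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32


def toy_cipher(key: bytes, block: bytes) -> bytes:
    """Constructed 64-bit Feistel block cipher standing in for AES. Insecure."""
    assert len(key) == KEY_BYTES and len(block) == BLOCK_BYTES
    k0, k1 = struct.unpack(">II", key)
    left, right = struct.unpack(">II", block)
    for r in range(ROUNDS):
        subkey = (k0 if r % 2 == 0 else k1) ^ (r * 0x01010101)
        left, right = right, left ^ _f(right, subkey)
    return struct.pack(">II", left, right)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def compress_mmo(h: bytes, m: bytes) -> bytes:
    """Matyas-Meyer-Oseas: chaining value is the KEY, message block is the plaintext.
    H_i = E_{H_{i-1}}(M_i) XOR M_i  (the MDC-2 building block named in the post)."""
    return xor(toy_cipher(h, m), m)


def compress_dm(h: bytes, m: bytes) -> bytes:
    """Davies-Meyer: message block is the KEY, chaining value is the plaintext.
    H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}  (data as key, chaining variable as block;
    the message schedule plays the role of key scheduling)."""
    return xor(toy_cipher(m, h), h)


def md_pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, 64-bit big-endian bit length."""
    bit_len = len(msg) * 8
    padded = msg + b"\x80"
    while (len(padded) + 8) % BLOCK_BYTES != 0:
        padded += b"\x00"
    return padded + struct.pack(">Q", bit_len)


IV = bytes.fromhex("0123456789abcdef")   # constructed fixed IV for the example


def md_hash(msg: bytes, compress=compress_mmo) -> bytes:
    """Iterate the chosen compression function over the padded message blocks."""
    padded = md_pad(msg)
    h = IV
    for i in range(0, len(padded), BLOCK_BYTES):
        h = compress(h, padded[i:i + BLOCK_BYTES])
    return h


if __name__ == "__main__":
    for name, fn in (("MMO", compress_mmo), ("Davies-Meyer", compress_dm)):
        print(name, md_hash(b"The quick brown fox", fn).hex())
```

Both modes feed the block cipher once per message block and fold the input back in with XOR so the step is not invertible; the difference is only which of the two inputs drives the key schedule. The output is a single block wide, which is why the thread's interest in a 128-bit AES block sits next to double-length constructions such as MDC-2.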

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg