[Cfrg] Re: AES-based hash function

["Shai Halevi" <shaih at alum.mit.edu>]

On Saturday, 4 Sep 2004 10:39:53, John Viega wrote:

> I don't see how the properties needed for using a block cipher in
> a hashing mode are any different than ones we find desirable for
> encryption.  

That's exactly my point, that I don't believe this to be true. 
The kind of attacks and considerations that you have in mind when 
designing a block cipher are not very relevant to the security of 
the result when used to build a hash function. 

> Particularly, we know that such constructs are secure 
> if the cipher is an ideal cipher.  Therefore, the properties we would
> like our block cipher to have for that use are whatever gets us
> closest to an ideal cipher.  

As per my previous posts, I'm convinced that the last statement cannot 
possibly have any concrete interpretation. 

> The theoretical landscape here is fairly bare, all things considered.

I'm definitely with you on this one. 

-- Shai



_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg