A design principle for hash functions
Ivan Damgård
- pp 416-427
TLDR
Apart from suggesting a generally sound design principle for hash functions, the results give a unified view of several apparently unrelated constructions of hash functions proposed earlier, and suggest changes to other proposed constructions to make a proof of security potentially easier.
Abstract:
We show that if there exists a computationally collision free function f from m bits to t bits where m > t, then there exists a computationally collision free function h mapping messages of arbitrary polynomial lengths to t-bit strings. Let n be the length of the message. h can be constructed either such that it can be evaluated in time linear in n using 1 processor, or such that it takes time O(log(n)) using O(n) processors, counting evaluations of f as one step. Finally, for any constant k and large n, a speedup by a factor of k over the first construction is available using k processors. Apart from suggesting a generally sound design principle for hash functions, our results give a unified view of several apparently unrelated constructions of hash functions proposed earlier. It also suggests changes to other proposed constructions to make a proof of security potentially easier. We give three concrete examples of constructions, based on modular squaring, on Wolfram's pseudorandom bit generator [Wo], and on the knapsack problem.
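The sequential, linear-time case of the abstract can be illustrated with the standard iterated construction with a length block. This is an added example, not code or the exact padding from the paper: the stand-in f (SHA-256 truncated to 16 bits), the block size, the padding, and all function names are assumptions chosen so that a collision for h is cheap to find and can then be walked back to a collision for f, which is the reduction behind the collision-freeness claim.

```python
import hashlib
from itertools import count

T = 2  # output/chaining size in bytes (t = 16 bits): toy size so collisions are findable
B = 4  # message block size in bytes, so f maps m = 48 bits to t = 16 bits

def f(chain, block):
    """Stand-in compression function (assumption): SHA-256 truncated to T bytes."""
    return hashlib.sha256(chain + block).digest()[:T]

def trace(msg):
    """Return every (chain_in, block) input given to f while hashing msg."""
    # Zero-pad to a whole number of blocks, then append a block encoding len(msg).
    data = msg + b"\x00" * (-len(msg) % B) + len(msg).to_bytes(B, "big")
    chain, steps = b"\x00" * T, []
    for i in range(0, len(data), B):
        steps.append((chain, data[i:i + B]))
        chain = f(*steps[-1])
    return steps

def h(msg):
    """Iterated hash over the padded blocks; cost is linear in len(msg)."""
    return f(*trace(msg)[-1])

def find_h_collision():
    """Birthday search over constructed messages; feasible only because t is 16 bits."""
    seen = {}
    for i in count():
        msg = b"constructed-message-%d" % i
        digest = h(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def extract_f_collision(m1, m2):
    """Turn a collision for h into a collision for f by walking both chains backwards."""
    assert m1 != m2 and h(m1) == h(m2)
    for a, b in zip(reversed(trace(m1)), reversed(trace(m2))):
        if a != b:  # every later step had equal inputs, so these two outputs are equal
            return a, b
    raise AssertionError("unreachable: equal traces and lengths imply m1 == m2")

if __name__ == "__main__":
    m1, m2 = find_h_collision()
    a, b = extract_f_collision(m1, m2)
    print(m1, m2, h(m1).hex(), a, b, f(*a) == f(*b))
```

Because the final block encodes the message length, two colliding messages of different lengths already differ in the last input to f, so the backward walk always ends in a genuine f collision.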
Citations
Proceedings ArticleDOI
Practical Byzantine fault tolerance
Miguel Castro, Barbara Liskov
TL;DR: A new replication algorithm that is able to tolerate Byzantine faults that works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude.
Journal ArticleDOI
Security Arguments for Digital Signatures and Blind Signatures
David Pointcheval, Jacques Stern
TL;DR: It is proved that a very slight variation of the well-known El Gamal signature scheme resists existential forgeries even against an adaptively chosen-message attack and an appropriate notion of security related to the setting of electronic cash is defined.
Book ChapterDOI
Keying Hash Functions for Message Authentication
TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Book ChapterDOI
How to break MD5 and other hash functions
Xiaoyun Wang, Hongbo Yu
TL;DR: A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.
Journal ArticleDOI
How to time-stamp a digital document
Stuart Haber, W. Scott Stornetta
TL;DR: Computationally practical procedures are proposed for digital time-stamping of such documents so that it is infeasible for a user either to back-date or to forward-date his document, even with the collusion of a time-stamping service.
References
Proceedings ArticleDOI
Universal one-way hash functions and their cryptographic applications
Moni Naor, Moti Yung
TL;DR: A Universal One-Way Hash Function family is defined, a new primitive which enables the compression of elements in the function domain, and it is proved constructively that universal one-way hash functions exist if any 1-1 one-way functions exist.
Book ChapterDOI
One way hash functions and DES
TL;DR: This work shows three one-way hash functions which are secure if DES is a good random block cipher.
Journal ArticleDOI
Random sequence generation by cellular automata
TL;DR: A 1-dimensional cellular automaton which generates random sequences is discussed, and an efficient random sequence generator based on them is suggested.
Book ChapterDOI
Collision free hash functions and public key signature schemes
TL;DR: The ability of a hash function to improve security and speed of a signature scheme is discussed: for example, it can combine the RSA-system with a collision free hash function based on factoring to get a scheme which is more efficient and much more secure.
Journal ArticleDOI
Digital signatures with RSA and other public-key cryptosystems
TL;DR: This work has shown that public-key signature systems can be vulnerable to attack if the protocols for signing messages allow a cryptanalyst to obtain signatures on arbitrary messages of the cryptanalyst's choice.