Re: Using two one-way-functions => no one-way-function anymore
- From: daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)
- Date: Thu, 24 Jan 2008 00:48:27 +0000 (UTC)
Stephan Wehner wrote:
I think one of the basics of one-way-functions in use, is that pairing
them is not a good idea.
In other words, if f1 and f2 are two one-way-functions which one deems
secure, then the function
x -> ( f1(x), f2(x) ) might be much less secure.
Is this "true"?
Yes. For instance, suppose that f1(x) maps 512-bit inputs to 512-bit
outputs as follows: f1(x) = (SHA256(x), lefthalf(x)). Suppose that f2(x)
= (SHA256(x), righthalf(x)). Then both f1 and f2 are one-way functions
(under suitable assumptions), yet f(x) = (f1(x), f2(x)) is not one-way.
Is there a reference/name for this phenomenon?
Is there a real-life example of exposure caused by this?
I don't know.
.
- Follow-Ups:
- Re: Using two one-way-functions => no one-way-function anymore
- From: Phil Carmody
- Re: Using two one-way-functions => no one-way-function anymore
- From: Stephan Wehner
- Re: Using two one-way-functions => no one-way-function anymore
- References:
- Using two one-way-functions => no one-way-function anymore
- From: Stephan Wehner
- Using two one-way-functions => no one-way-function anymore
- Prev by Date: Re: JSH: Same old kook
- Next by Date: Re: JSH: What are you people?
- Previous by thread: Using two one-way-functions => no one-way-function anymore
- Next by thread: Re: Using two one-way-functions => no one-way-function anymore
- Index(es):
