Re: How good are Davies-Meyer type hash functions made from block ciphers like AES?



So here's my latest pseudocode...

byte digest[16] = { 0,0,... }
byte block[16] = { 0,0,... }
byte previous_digest[16]
integer block_counter = 0

; digest message
for each byte b of message
    block[block_counter] = b
    block_counter = block_counter + 1
    if block_counter == 16 then
        block_counter = 0
        save digest[] in previous_digest[]
        encrypt digest[] with aes-128 using block[] as 128-bit aes-128 key
        xor digest[] with previous_digest[]
    end if
next

; append end marker, do final block
block[block_counter] = 0x80
block_counter = block_counter + 1
zero rest of block[] from block_counter to 15
save digest[] in previous_digest[]
encrypt digest[] with aes-128 using block[] as 128-bit aes-128 key
xor digest[] with previous_digest[]

; Merkle-Damgård length padding
zero first 8 bytes of block[]
fill last 8 bytes of block[] w/64-bit length in big-endian order
save digest[] in previous_digest[]
encrypt digest[] with aes-128 using block[] as 128-bit aes-128 key
xor digest[] with previous_digest[]

; digest[] now contains message digest

By the way, anyone else on the net is free to use this construct if
they ever have a need for it.