Re: Hashing of short fixed length messages
 From: Kristian Gjøsteen <kristiag+news@xxxxxxxxxxxx>
 Date: Wed, 16 Jun 2010 08:10:48 +0000 (UTC)
Paul Rubin <no.email@xxxxxxxxxxxxxx> wrote:
> I don't understand Francois Grieu's random oracle proof well enough to
> say I'm convinced by it. That doesn't mean I think it's wrong, but I
> have reservations about it. I don't see how any results about random
> oracles apply when the key is known. It's not an oracle at all, since
> the cipher's complete internal state is available through every step of
> the algorithm.

The same holds for hash functions as well, so this is not an objection
against random oracle arguments.
The idea is that the adversary doesn't really care about the internals
of the function, and the function should be a typical example of a
"random function" (or "random permutation").
Once you believe that about aes(k,.), the argument should be plausible.

Kristian Gjøsteen
