# Re: Hashing of short fixed length messages

*From*: Kristian Gjøsteen <kristiag+news@xxxxxxxxxxxx>*Date*: Wed, 16 Jun 2010 08:10:48 +0000 (UTC)

Paul Rubin <no.email@xxxxxxxxxxxxxx> wrote:

I don't understand Francois Grieu's random oracle proof well enough to

say I'm convinced by it. That doesn't mean I think it's wrong, but I

have reservations about it. I don't see how any results about random

oracles applies when the key is known. It's not an oracle at all, since

the cipher's complete internal state is available through every step of

the algorithm.

The same holds for hash functions as well, so this is not an objection

against random oracle arguments.

The idea is that the adversary doesn't really care about the internals

of the function, and the function should be a typical example of a

"random function" (or "random permutation").

Once you believe that about aes(k,.), the argument should be plausible.

--

Kristian Gjøsteen

.

**Follow-Ups**:**Re: Hashing of short fixed length messages***From:*Paul Rubin

**References**:**Hashing of short fixed length messages***From:*Maaartin

**Re: Hashing of short fixed length messages***From:*Tom St Denis

**Re: Hashing of short fixed length messages***From:*Maaartin

**Re: Hashing of short fixed length messages***From:*Paul Rubin

- Prev by Date:
**Re: Need some simple bijective mappings** - Next by Date:
**Re: Best practice for password hashing (proposal)** - Previous by thread:
**Re: Hashing of short fixed length messages** - Next by thread:
**Re: Hashing of short fixed length messages** - Index(es):