Re: Dedicated hash systems vs block ciphers with CBC?



On 11-06-18 5:16 AM, Bruce Stephens wrote:
Jeffrey Goldberg <nobody@xxxxxxxxxxxx> writes:

[...]

With components of AES more frequently available in hardware, I wonder
what the current state of things are, but it does look like speed is the
issue.

Dunno. I'd guess some approach like Skein would still win.

I haven't been following developments in the SHA-3 competition, so I
don't have any idea of how many of the finalists are based on block
ciphers. But this is a simple thing to check...

From Wikipedia (as I'm checking these quickly, and I still don't grok
SHA-1, so Wikipedia is probably as far as I could go anyway).

BLAKE: Based a block cipher which in turn is based on a stream cipher.

Grøstl: Uses AES S-box, but it not really chaining AES or a variant (as
far as I can tell fro the Wikipedia article)

JH: Not a block cipher

Keccak: Sponge construction

Skein: Based on block cipher Threefish (which was developed for use in
Skein.

Applied Cryptography describes a number of constructions of hashes from
symmetric ciphers, noting that many of them aren't secure.

Interestingly Understanding Cryptography (published last year) only
discusses one option that post dates Applied Cryptography (2nd edition).


I think the
one that you suggested (fixed IV and key, chaining) is described "This
just isn't good enough for one-way hash functions, although it will work
for a MAC".

I wasn't actually suggesting that, I was just trying to illustrate what
kind of role a block-cipher key can play, and I was being lazy in my
response to Paul. Even I can see that "one-way-ness" goes out the window
with that.

But there are four schemes (very briefly) described in Understanding
Cryptography, all with more reasonable approaches.

Cheers,

-j


--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
.



Relevant Pages

  • Re: creating a key from a password
    ... As a rule, if you are new to cryptography, you should be very cautious ... So what you need is a hash function. ... you may use an encryption function as some sort of substitute. ... -- This usage of a block cipher is not likely to have been as thoroughly ...
    (sci.crypt)
  • Re: Want to learn cryptology with me?
    ... in cryptography, some use algebra extensively, others don't. ... mathematical theorems to come up with their final result ... > I have to say that the block cipher stuff doesn't interest me too much ... Block cipher design might still be useful if applied to cryptanalysing ...
    (sci.crypt)
  • Re: Want to learn cryptology with me?
    ... e.g. Goldreich's "Foundations of Cryptography". ... enough ground for practitioners while not overwhelming the reader with ... I have to say that the block cipher stuff doesn't interest me too much ... Block cipher design from a crypto practitioner's point of ...
    (sci.crypt)