I. Mironov. Hash functions: From Merkle-Damgard to Shoup. In Advances in Cryptology -- EUROCRYPT '01, Lecture Notes in Computer Science. Springer-Verlag, 2001.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....number of processors grows with the length of the message. See Table 1 in Section 7 for a comparison of di erent algorithms. An important factor in the study of domain extender for UOWHFs is the minimum amount of key length expansion that is required for the domain extender to be correct. Mironov [4] has shown that the key length expansion in Shoup s algorithm is the minimum possible for any sequential Merkle Damg ard type construction. Sarkar [7] has obtained a lower bound on the amount of key length expansion required for any full binary tree algorithm. This brings up the question of ....

....i ) where j = i) 4. De ne z r to be the output of H p (x) For the sake of simplicity we do not include an initialisation vector. The function h k is invoked (r 1) times and the algorithm requires dlog 2 (r 1)e = 1 blog 2 rc masks. This algorithm was initially described in [9] and in [4] it was shown that the number of masks required is the minimum possible for any such sequential construction to be correct. 3.2 Tree Based Algorithm Extending the domain of a UOWHF using a full binary tree of processors have been considered in the literature [1, 7] A full binary tree of 2 1 ....

[Article contains additional citation context not shown here]

I. Mironov. Hash functions: from Merkle-Damgard to Shoup. Lecture Notes in Computer Science, 2045 (2001), 166-181 (Advances in Cryptology - EUROCRYPT'01).

....Shoup [7] The scheme requires a key length expansion of t m, where m is the size of the message digest and 2 1 is the number of times the hash function h k is invoked. The Shoup construction works even if the number of invocations of h k is not of the form 2 1. In a later work, Mironov [4] proved the key length expansion to be optimal for the Shoup construction. For practical purposes, it is of interest to consider parallel hashing schemes. Binary tree based hash algorithm will provide speed up by a factor of t over the sequential algorithm to hash a message of length 2 (n m) ....

....expansion is 2m bits for t = 2; m(t 1) bits for 3 t 6 and m (t blog 2 (t 1)c) bits for t 7. This is a signi cant improvement over the scheme in [1] The improvement is achieved by using the Shoup construction along certain paths in the binary tree. We use the proof technique used in [4] to show the correctness of our construction. We obtain a lower bound on the amount of key expansion required by any binary tree based algorithm for extending the domain of a UOWHF. We show that the key length must increase by at least 2m bits if t = 2 and by at least m (t 1) bits if t 3. ....

[Article contains additional citation context not shown here]

I. Mironov. Hash functions: from Merkle-Damgard to Shoup. Lecture Notes in Computer Science,

....PHA. It turns out that these message lengths also do not require padding by the MD algorithm. Let the length of the message be L = t) q t (L) t) b t (L) 2n 2m) Then PHA makes (L) q t (L) 2)2 2b t (L) 1 invocations of h. Here we use the description of the MD algorithm given in [5]. For the MD algorithm the rst invocation uses n bits and each of the subsequent invocations uses n m bits. Hence the total number of invocations of h is 1 L n (2n 2m) q2 (2n 2m) b(2n 2m) n 2m) n = L) Thus we get the following result. Theorem 12 The number (L) of invocations ....

I. Mironov. Hash functions: from Merkle-Dam gard to Shoup. Lecture Notes in Computer Science,

No context found.

I. Mironov. Hash functions: From Merkle-Damgard to Shoup. In Advances in Cryptology -- EUROCRYPT '01, Lecture Notes in Computer Science. Springer-Verlag, 2001.

No context found.

I. Mironov. Hash functions: from Merkle-Damgard to Shoup. Lecture Notes in Computer Science, 2045 (2001), 166-181 (Advances in Cryptology - EUROCRYPT'01).

No context found.

I. Mironov. Hash functions: from Merkle-Damgard to Shoup. Lecture Notes in Computer Science,

No context found.

I. Mironov. Hash functions: From Merkle-Damgard to Shoup. In Advances in Cryptology -- EUROCRYPT '01, Lecture Notes in Computer Science. Springer-Verlag, 2001.

No context found.

I. Mironov. Hash functions: From Merkle-Damgard to Shoup. In Advances in Cryptology -- EUROCRYPT '01, Lecture Notes in Computer Science. Springer-Verlag, 2001.

No context found.

I. Mironov. Hash functions: from Merkle-Damgard to Shoup. Lecture Notes in Computer Science,

No context found.

I. Mironov. Hash functions: from Merkle-Damgard to Shoup, Advances in Cryptology - Eurocrypt'01, Lecture Notes in Computer Science, Vol. 2045, Springer-Verlag, pp 166-181, 2001

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC