I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....the hardness of the Knapsack Problem. The Knapsack Problem is stated as follows: Given a set of integers S = S 1 ; S k and an integer n, find some subset T S such that P t i 2T t i = n. Merkle and Hellman initially used this problem in public key cryptosystem [65] Harari [45] Damgard [29] and Zemor [114] later proposed both additive and multiplicative Knapsack based hashes. Damgard s scheme was broken by Camion and Patarin [15] Preneel points out weaknesses in Harari s scheme [74] The heavy computational and storage requirements of Knapsack based hashes are beyond low cost tag ....

....a register implementing Rule #30 on a single cell. Figure 5 7 portrays the time evolution of Rule #30 running in a fixed sized cyclic register for several hundred iterations. Initially, the register contained a single on cell. An early implementation of a CA based hash was presented by Damgard [29]. Daemen, Govaerts and Vandewalle showed an insecurity in Damgard s scheme. They propose their own CA based hash called Cellhash [27] as well as an improved version called Sub46 Figure 5 6: Implementation of a CA on a single cell of a fixed sized cyclic register. Hash [28] While no breaks in ....

Ivan Damgard. A Design Principle for Hash Functions. In Gilles Brassard, editor, Advances in Cryptology - CRYPTO, volume 435 of LNCS, pages 416--427. SpringerVerlag, August 1989.

....is odd. 3) Paper [FHK 88] includes an idea which can be used to adapt our techniques to the case where m is prime and a window of successive bits of the x i s is announced. We find the details too technical to be included in the present paper. 3. 2 Cryptanalysis of Damgard s hash function In [Dam89] Damgard proposed to base a hash function on a knapsack compression function using 256 (non modular) numbers a i of size 120 bits. His idea was to divide the message to be hashed into blocks of 128 bits, and to apply to following process: ffl Start with a fixed initial value on 128 bits. ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology, Proceedings of Crypto'89, volume 435 of Lecture Notes in Computer Science, pages 25--37, New York, 1989. Springer-Verlag.

....the proof by constructing a CRHF H = G; H) on the input domain as follows. Let S = S[1]S[2] S[n] n p(k) be an arbitrary string, such that jS[j]j = k log 2 n k log 2 p(k) It is sufficient to look at strings with length dividing k log 2 p(k) due to the constructions presented in [Dam89, Mer89] Now define H i (S[1] S[n] D i ( 1] n] where [j] hji log 2 p(k) S[j] and hii k denotes a k bit binary fixed representation of i 2 N . Clearly, if D is a CRHF on the domain 2 , then H is a CRHF on domain . The opposite was proven by Theorem 1. ut The ....

Ivan Damgard. A Design Principle for Hash Functions. In Gilles Brassard, editor, Advances in Cryptology---CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 416--427, Santa Barbara, California, USA, 20--24 August 1989. Springer-Verlag, 1990.

....scheme is non existentially forgeable even with an adaptive chosen message attack [GMR88] if a node x is not faulty and it did not sign message m, the adversary is unable to generate a valid signature oe x for any m. We also assume that the cryptographic hash function is collision resistant [Dam89] the adversary is unable to find two distinct messages m and such that D(m) D(m ) These assumptions are probabilistic but they are believed to hold with high probability for the cryptographic primitives we use [BR96, Riv92] Therefore, we will assume that they hold with probability one ....

....is faulty or not. As discussed in Section 2.1, the algorithm uses digital signatures and cryptographic hash functions. We assume the signature scheme is non existentially forgeable even with an adaptive chosen message attack [GMR88] and that the cryptographic hash function is collision resistant [Dam89] These assumptions amount to restrictions on the computational power of the adversary and the Byzantine faulty replicas and clients it may control. 2.4.3 Modified Linearizability The safety property offered by BFT PK is a form of linearizability [HW87] the replicated service behaves like a ....

I. Damgard. A Design Principle for Hash Functions. In G. Brassard, editor, Advances in Cryptology -- Crypto' 89 Proceedings, number 435 in Lecture Notes in Computer Science. Springer-Verlag, 1989.

....schemes. We begin with a well known result, adapted to the Shannon model, that states, informally, that if the compression function f is collision resistant, then so is the hash scheme H constructed by iterating f . For completeness, the proof is given in Appendix A.1. Lemma 3. 1 [Merkle Damgard [6, 4] in the Shannon model] Fix n 1. Let f : be a round function that depends on a block cipher E: and let H: 0, 1 be the hash function constructed from f according to Equation (1) Then for all q H[Bloc(n,n) q) We now proceed to upperbound the ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology -- CRYPTO '89, Lecture Notes in Computer Science. Springer-Verlag, 1990.

....not have very good security bounds for concrete security parameters, but they indicate that the above intuition is not entirely accurate. In addition, standard hash functions such as the ones in the SHA family are typically de ned in terms of a compression function, following the Merkle Damg ard [10, 22] paradigm. In certain cases (including the SHA family) this compression function (or a slight variant thereof) is a pseudo random permutation. This has been observed by Handschuh and Naccache, who submitted the compression function in SHA 1, denoted SHACAL [15] as a block cipher to the NESSIE ....

I. Damgard. A Design Principle For Hash Functions. Advances in Cryptology { Crypto '89, pp. 416-427. Springer-Verlag, 1990.

No context found.

I. Damgard, A Design Principle for Hash Functions, In Crypto '89, pages 416-427, 1989. LNCS No. 435.

No context found.

I. Damgard, "A design principle for hash functions," Proc. of CRYPTO 89, pp. 416--427, 1989.

No context found.

I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.

No context found.

I. B. Damgard. A design principle for hash functions. Lecture Notes in Computer Science 435 (1990), 416--427 (CRYPTO '89).

No context found.

I. Damgard. A Design Principle for Hash Functions, In Advances in Cryptology -- Crypto'89, Springer-Verlag, 1990.

No context found.

I. Damgard, Design Principles of Hash Functions, Crypto '89, Springer-Verlag. 13

No context found.

Damgard, I.: A design principle for hash functions, In Advances in Cryptology -- CRYPTO '89, LNCS 435, Springer-Verlag, 1990.

No context found.

I. Damgard, Design Principles of Hash Functions. Crypto '89, LNCS n435, pp. 416--427, Springer-Verlag. 19

No context found.

I. Damgard. A Design Principle for Hash Functions. In 416--427. Springer-Verlag, 1990.

No context found.

Damgard, "A design principle for hash functions," Advances in Cryptology--Crypto 89 Proceedings, Springer-Verlag, 1989.

No context found.

I. Damgard. A design principle for hash functions. Crypto 89, LNCS 435, pp. 416-- 427.

No context found.

I. Damgard: "A design principle for hash functions", Presented at Crypto'89, 1989.

No context found.

I.B. Damgard. A design principle for hash functions. In Gilles Brassard, editor, Advances in Cryptology - Crypto' 89, LNCS, pages 416--426. Springer-Verlag, 1989.

No context found.

I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.

No context found.

I. Damgard, A design principle for hash functions, Presented at Crypto'89 (1989).

No context found.

I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.

No context found.

I. Damgard: "A design principle for hash functions", Presented at CRYPTO'89, 1989.

No context found.

I. B. Damgard. A Design Principle for Hash Functions. In Advances in Cryptology-CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 416-427. Springer-Verlag, 1989.

No context found.

I. B. Damgard. A design principle for hash functions, Advances in Cryptology - Crypto'89, Lecture Notes in Computer Sciences, Vol. 435, Springer-Verlag, pp. 416427, 1989.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC