I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....the hardness of the Knapsack Problem. The Knapsack Problem is stated as follows: Given a set of integers S = S 1 ; S k and an integer n, find some subset T S such that P t i 2T t i = n. Merkle and Hellman initially used this problem in public key cryptosystem [65] Harari [45] Damgard [29] and Zemor [114] later proposed both additive and multiplicative Knapsack based hashes. Damgard s scheme was broken by Camion and Patarin [15] Preneel points out weaknesses in Harari s scheme [74] The heavy computational and storage requirements of Knapsack based hashes are beyond low cost tag ....

....a register implementing Rule #30 on a single cell. Figure 5 7 portrays the time evolution of Rule #30 running in a fixed sized cyclic register for several hundred iterations. Initially, the register contained a single on cell. An early implementation of a CA based hash was presented by Damgard [29]. Daemen, Govaerts and Vandewalle showed an insecurity in Damgard s scheme. They propose their own CA based hash called Cellhash [27] as well as an improved version called Sub46 Figure 5 6: Implementation of a CA on a single cell of a fixed sized cyclic register. Hash [28] While no breaks in ....

Ivan Damgard. A Design Principle for Hash Functions. In Gilles Brassard, editor, Advances in Cryptology - CRYPTO, volume 435 of LNCS, pages 416--427. SpringerVerlag, August 1989.

....is odd. 3) Paper [FHK 88] includes an idea which can be used to adapt our techniques to the case where m is prime and a window of successive bits of the x i s is announced. We find the details too technical to be included in the present paper. 3. 2 Cryptanalysis of Damgard s hash function In [Dam89] Damgard proposed to base a hash function on a knapsack compression function using 256 (non modular) numbers a i of size 120 bits. His idea was to divide the message to be hashed into blocks of 128 bits, and to apply to following process: ffl Start with a fixed initial value on 128 bits. ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology, Proceedings of Crypto'89, volume 435 of Lecture Notes in Computer Science, pages 25--37, New York, 1989. Springer-Verlag.

....the proof by constructing a CRHF H = G; H) on the input domain as follows. Let S = S[1]S[2] S[n] n p(k) be an arbitrary string, such that jS[j]j = k log 2 n k log 2 p(k) It is sufficient to look at strings with length dividing k log 2 p(k) due to the constructions presented in [Dam89, Mer89] Now define H i (S[1] S[n] D i ( 1] n] where [j] hji log 2 p(k) S[j] and hii k denotes a k bit binary fixed representation of i 2 N . Clearly, if D is a CRHF on the domain 2 , then H is a CRHF on domain . The opposite was proven by Theorem 1. ut The ....

Ivan Damgard. A Design Principle for Hash Functions. In Gilles Brassard, editor, Advances in Cryptology---CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 416--427, Santa Barbara, California, USA, 20--24 August 1989. Springer-Verlag, 1990.

....scheme is non existentially forgeable even with an adaptive chosen message attack [GMR88] if a node x is not faulty and it did not sign message m, the adversary is unable to generate a valid signature oe x for any m. We also assume that the cryptographic hash function is collision resistant [Dam89] the adversary is unable to find two distinct messages m and such that D(m) D(m ) These assumptions are probabilistic but they are believed to hold with high probability for the cryptographic primitives we use [BR96, Riv92] Therefore, we will assume that they hold with probability one ....

....is faulty or not. As discussed in Section 2.1, the algorithm uses digital signatures and cryptographic hash functions. We assume the signature scheme is non existentially forgeable even with an adaptive chosen message attack [GMR88] and that the cryptographic hash function is collision resistant [Dam89] These assumptions amount to restrictions on the computational power of the adversary and the Byzantine faulty replicas and clients it may control. 2.4.3 Modified Linearizability The safety property offered by BFT PK is a form of linearizability [HW87] the replicated service behaves like a ....

I. Damgard. A Design Principle for Hash Functions. In G. Brassard, editor, Advances in Cryptology -- Crypto' 89 Proceedings, number 435 in Lecture Notes in Computer Science. Springer-Verlag, 1989.

....schemes. We begin with a well known result, adapted to the Shannon model, that states, informally, that if the compression function f is collision resistant, then so is the hash scheme H constructed by iterating f . For completeness, the proof is given in Appendix A.1. Lemma 3. 1 [Merkle Damgard [6, 4] in the Shannon model] Fix n 1. Let f : be a round function that depends on a block cipher E: and let H: 0, 1 be the hash function constructed from f according to Equation (1) Then for all q H[Bloc(n,n) q) We now proceed to upperbound the ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology -- CRYPTO '89, Lecture Notes in Computer Science. Springer-Verlag, 1990.

....not have very good security bounds for concrete security parameters, but they indicate that the above intuition is not entirely accurate. In addition, standard hash functions such as the ones in the SHA family are typically de ned in terms of a compression function, following the Merkle Damg ard [10, 22] paradigm. In certain cases (including the SHA family) this compression function (or a slight variant thereof) is a pseudo random permutation. This has been observed by Handschuh and Naccache, who submitted the compression function in SHA 1, denoted SHACAL [15] as a block cipher to the NESSIE ....

I. Damgard. A Design Principle For Hash Functions. Advances in Cryptology { Crypto '89, pp. 416-427. Springer-Verlag, 1990.

....function. Merkle [43, 42] proposed hashing schemes based on Winternitz s construction. These schemes use DES to produce digests of size 128 bits. Their construction follows a general method for constructing hash algorithms, called the meta method. This is the same as the serial method of Damgard [22]. The description of the method is as follows. The message is first divided into blocks of 106 bits. Each 106 bit block M i of data is concatenated with the 128 bit block H i Gamma1 . The concatenation X i = M i k H i Gamma1 contains 234 bits. Each block X i is further divided into halves, X i1 ....

....algorithm, with exponent two, is then run on the modified message in CBC mode (cf. Pieprzyk and Sadeghiyan [49] In this scheme, the four most significant bits of every byte in each block are set to 1. Coppersmith [20] shows how to construct colliding messages in this scheme. Damgard [22] describes a scheme based on squaring, which maps a block of n bits into a block of m bits. The scheme is defined by: H 0 = IV H i = extract(00111111 k H i Gamma1 k M i ) 2 mod N H(M) H t : In the above scheme, the role of extract is to extract m bits from the result of the squaring ....

I. Damgard. A design principle for hash functions. Proc. Crypto'89, LNCS Vol. 435, Springer-Verlag, Berlin, 1990, pp. 416-427.

.... = M and hash(H 0 ; M ) hash(H 0 ; M) Free start collision attack: Find H 0 , H 0 , M , and M such that ( H 0 ; M ) j = H 0 ; M ) and hash( H 0 ; M ) hash(H 0 ; M ) To minimize the effort required in the design of a cryptographically secure hash function, many designers [1] 11] [17], 20] have considered their schemes based on block cipher algorithms. We say a block cipher EK (1) is an (m; k) block cipher if the input (output) is m bits long and the key K is k bits long. Consider an iterated hash function hash(1; 1) such that the round function h uses an (m; k) block ....

....with rate 1 in Proposition 2 there exists a freestart preimage attack and a free start collision attack with complexities about 2 2 2 m and 2 2 2 m=2 , respectively. To avoid some trivial attacks, the following strengthening of iterated hash functions was proposed independently by Damgard [17] and Merkle [1] Definition 4 (Merkle Damgard Strengthening) Consider an iterated hash function Hash(1) and a message to be hashed M = M 1 ; Mn ) Specify an extra message block M n 1 containing the length of M (before) padding in bits. The hash result of M is defined as Hash(M 0 ) ....

[Article contains additional citation context not shown here]

I. B. Damgard, "A design principle for hash functions," in Advances in Cryptology -- CRYPTO '89 Proceedings (G. Brassard, ed.), vol. 435 of Lecture Notes in Computer Science, pp. 416--427, Springer-Verlag, 1990.

....letter. This is generally a desirable property, since if a ciphertext string can decrypt to numerous plaintext strings the intended receiver needs some way of destinguishing between the possible decryptions. One way hash functions are an example of the use of a many to one function in cryptography [14]. One to many functions are used in probabilistic encryption [30, 29] We concentrate on substitution systems. We assume q 1 = q 2 = q, and Sigma q = Z q , unless otherwise stated, in which case a substitution is a permutation on Z q . The set of all substitutions on Z q is 51 the symmetric ....

I. Damgard and Ivan Bjerre. A design principle for hash functions. In G. Brassard, editor, CRYPTO'89, pages 416--427. Springer, 1990. Lecture Notes in Computer Science No. 435.

.... M such that M = M and has (H 0 , M) has (H 0 ,M) Free start collision attack:FiE H 0 , H 0 , M , and M such that ( H 0 , M) H 0 ,M) and has ( H 0 , M) has (H 0 ,M) TomiE0CE2 the e#ortrequiEC i thedesi7 of acryptographi2i secure hashfunctiEP many desi23EP [1] 11] [17], 0] haveconsi2[CO thei schemes based on blockciDWO algori[C3W We say a blockci04C EK ( i san(m, k) blockci03C i theie2E (output)i mbi0 long and the key K i kbiE long.ConsiEP an i23EPW3 hashfunctiD hash( whose roundfuncti7 h uses an (m, k) blockci7OOW The hash( i s called a siEPW ....

....length hash functiP wic rate 1i n Proposi20O 2there exire a freestart prei2O4 attack and a free start colliiW2WD7 k wiW complexi34P about 2 2 m and 2 2 m 2 , respecti ely. To avoi some tri20E attacks, the followil strengtheni[ ofi20W7CO hashfuncti0O was proposed ised endently by Damgard [17] and Merkle [1] Definition 4 (Merkle Damgard Strengthening) Consing ani070CO2 hashfuncti0 Hash( and a message to be hashed M = M 1 , M n ) SpeciW an extra message block Mn 1 contai034 the length of M (before) paddiO i bii The hash result of M i defined as Hash(M # ) where M # = M 1 , ....

[Article contains additional citation context not shown here]

I.B. Damgard, "A design principle for hash functions," Advances in Cryptology---CRYPTO'89 Proceedings, ed. G. Brassard, vol.435 of Lecture Notes in Computer Science, pp.416--427, Springer-Verlag, 1990.

....the scheme s outcome (e.g. using Universal Hashing [33] and hiding the result using a non malleable scheme (e.g. a private key encryption or a pseudorandom function) Non malleability is not required in certain cases; see [119] 2. Hashing the message using a collision free scheme (cf. [41, 42]) and authenticating the result using a mac which operates on (short) fixed length strings [4] Three central paradigms in the construction of signature schemes are the refreshing of the effective signing key, the usage of an authentication tree and the hashing paradigm . The refreshing ....

I. Damgard. A Design Principle for Hash Functions. In Crypto89, Springer-Verlag Lecture Notes in Computer Science (Vol. 435), pages 416--427.

....the scheme s outcome (e.g. using Universal Hashing [43] and hiding the result using a non malleable scheme (e.g. a private key encryption or a pseudorandom function) Non malleability is not required in certain cases; see [166] 2. Hashing the message using a collision free scheme (cf. [55, 56]) and authenticating the result using a mac which operates on (short) fixed length strings [4] Three central paradigms in the construction of signature schemes are the refreshing of the effective signing key, the usage of an authentication tree and the hashing paradigm . The refreshing ....

I. Damgard. A Design Principle for Hash Functions. In Crypto89, Springer-Verlag Lecture Notes in Computer Science (Vol. 435), pages 416--427.

....of producing hash collisions that is provided by the definition of collision free hash functions. As far as is currently known, a stronger complexity assumption namely, the existence of claw free pairs of permutations is needed in order to prove the existence of these functions. See also [5] and [6] for further discussion of the theoretical properties of cryptographic hash functions. Universal one way hash functions were the tool used in order to construct a secure signature scheme. Our apparent need for a stronger assumption suggests a difference, perhaps an essential 8 one, ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology---Crypto '89 (ed. G. Brassard), pp. 416-427. Springer-Verlag, LNCS, vol. 435, 1990.

....memory manipulations (load, store) However, our scheme needs much smaller table look up (key) and will be faster when same security is obtained. Similar to other proposals, this design provides only one block hashing. To hash arbitrary length messages, one can use Wegman Carter [20] or Damgard s [8] chaining method before encrypting the digest by one time pad. 5 Conclusion We constructed a Message Authentication Code (MAC) based on latin squares and showed that it is provably ffl secure. The design takes advantages of fast and easy implementation of a hash function family which needs a ....

I. B. Damgard, "A Design Principle for Hash Functions," in Advances in Cryptology, Proceedings of CRYPTO '89, vol. 435 of Lecture Notes in Computer Science (LNCS), pp. 416--427, Springer-Verlag, Aug. 1989.

....given. Some secure methods that require additional assumptions are also suggested. 1 Introduction Hash functions have been used for producing secure checksums since 1950 s. A hash function maps an arbitrary length message into a fixed length message digest, and can be used for message integrity [1, 5, 8]. For this purpose, a sender calculates the message digest of the transmitting message and sends it appended to the message. The receiver verifies the checksum by recalculating it from the received message and comparing it with the received checksum. Another application is for protection against ....

I. B. Damgard, "A Design Principle for Hash Functions," in Advances in Cryptology, Proceedings of CRYPTO '89, pp. 416--427, Oct. 1989.

....the UOW property of the compression function. This situation is quite different from the situation where we are constructing a composite hash function out of a CR compression function; in that situation, the composite hash function does indeed inherit the CR property from the compression function [3, 6]. Although the linear hash is quite simple, it is not very attractive from a practical point of view, as the key length for the composite scheme grows linearly with the message length. If the keys for the compression function are longer than the output length b of the compression function, then ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology--Crypto '89, 1989.

....universal one way hash functions and collision intractable hash functions (or shortly UOHs and CIHs, respectively) In [Mer89] the former is called weakly and the latter strongly , one way hash functions respectively. Naor and Yung gave a formal definition for UOH [NY89] and Damgard gave for CIH [Dam89]. The definition for UOH to be given below is from [ZMI90a] ZMI90b] in which many other results, such as a construction for UOHs assuming the existence of one way quasi injections, are presented. Let and m be polynomials with (n) m(n) H be a family of functions defined by H = S n H n ....

....in [ZMI90a] ZMI90b] Of the results obtained in the two papers the most important is that one way hash functions in the sense of UOH EN [ exist iff those in the sense of UOH U exist. We end this section with a definition for CIH that corresponds to collision free function family given in [Dam89]. Let A, a collision pair finder , be a probabilistic polynomial time algorithm that on input h 2 H n outputs either or a pair of strings x; y 2 Sigma (n) with x 6= y and h(x) h(y) Definition 5 H is called a collision intractable hash function (CIH) if for each A, for each polynomial ....

[Article contains additional citation context not shown here]

I. Damgard, A design principle for hash functions, Presented at Crypto'89 (1989).

....input M of arbitrary finite length is divided into fixed length bit blocks M i . This preprocessing typically involves appending extra bits (padding) as necessary to attain an overall bit length which is a multiple m of the block length and often includes (for security reasons, see [3] and [4]) a block indicating the bit length of the unpadded input. Each block M i then serves as input to an internal fixed size function h, the compression function of hash, which computes a new intermediate result of bit length n for some fixed n, as a function of the previous n bit intermediate ....

.... on the so called MD4 initially proposed in [11] have received the greatest attention: MD5, 12] SHA 1, 13] RIPEMD 160, 14] HAVAL, 15] A quite different class of dedicated hash functions based on a particular linear finite state machines cellular automata have been reported in [4], 16] and [17] The one way hash function to be proposed below belongs to the class of dedicated one way hash functions, it is a development of the cellular automata approach, and it is suitable for hardware implementation. 2.3 Security of the One Way Hash Function Given a specific one way hash ....

[Article contains additional citation context not shown here]

I.B. Damgard, "A design principle for hash functions", Advances in Cryptology - CRYPTO 89, Lecture Notes in Computer Science, vol. 435, pp. 416-427, 1990.

....defined by X 0 . On the other hand it would be easy for Carla to cheat, if Bob couldn t verify that the distances he sees are the same as the corresponding values of a matrix M with h 2 = H(M ) The following construction is similar to the parallelized version of Damgard s hash function [1] and Merkle s tree authentication [6] To the author s knowledge, it is the first use of tree authentication in an identification scheme. The basic idea is to use the given hash function H for small inputs only. Let (x 1 ; xn ) with x i 2 f0; 1g l(n) be a large input; instead of H(x 1 ; ....

I. B. Damgard, A Design Principle for Hash Functions, in: Proc Crypto '89, Springer LNCS 435, 416--427.

....by applying an output transformation g to Hn , or Hash(IV; M) H = g(H t ) Note that the output transformation is often the identity function. The theoretical work on the security of hash functions has concentrated on the reduction of the security of Hash( Delta) to that of h( Delta; Delta) [5, 16, 19, 21]. For these reductions to work in practice, we need to append an additional block at the end of the input string which contains its length. This operation, proposed independently by R. Merkle [19] and I. Damgard [5] is known as MD strengthening. If MD strengthening is used, one can prove the ....

....of the security of Hash( Delta) to that of h( Delta; Delta) 5, 16, 19, 21] For these reductions to work in practice, we need to append an additional block at the end of the input string which contains its length. This operation, proposed independently by R. Merkle [19] and I. Damgard [5] is known as MD strengthening. If MD strengthening is used, one can prove the following connection between the security of a hash function and of its compression function. Theorem 1. Let Hash( Delta) be an iterated hash function with MD strengthening. Then preimage and collision attacks on ....

[Article contains additional citation context not shown here]

I.B. Damgard, "A design principle for hash functions," Advances in Cryptology, Proc. Crypto'89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 416--427.

....universal one way hash functions and collision intractable hash functions (or shortly UOHs and CIHs, respectively) In [Mer89] the former is called weakly and the latter strongly , one way hash functions respectively. Naor and Yung gave a formal definition for UOH [NY89] and Damgard gave for CIH [Dam89]. 5.3.1 Universal One Way Hash Functions Let H be a hash function compressing (n) bit input into n bit output strings, and E an ensemble with length (n) The definition for UOH is best described as a threeparty game. See also Figure 5.2. The three parties are S (an initial string supplier) G ....

....a collision intractable hash function (CIH) if for each A, for each polynomial Q, and for all sufficiently large n, PrfA(h) 6= g 1=Q(n) where h2RH n , and the probability PrfA(h) 6= g is computed over H n and the sample space of all finite strings of coin flips that A could have tossed. In [Dam89] (see also [Dam87] CIH is called collision free function family . Damgard obtained CIHs under the assumption of the existence of claw free pairs of permutations. In Chapter 6 we propose practical CIHs, the fastest of which compress nearly 2n bit long input into n bit long output strings by ....

[Article contains additional citation context not shown here]

I. Damgard: "A design principle for hash functions", Advances in Cryptology --- Crypto'89, Lecture Notes in Computer Science, Vol.435, Springer-Verlag, 1990, pp.416-427.

....a pair x 6= y of strings such that x collides with y. Naor and Yung constructed UOHs under the assumption of the existence of one way injections (i.e. one way one to one functions) NY89] and Damgard constructed CIHs under a stronger assumption, the existence of claw free pairs of permutations [Dam89]. In [NY89] Naor and Yung also presented a general method for transforming any UOH into a secure digital signature scheme. We are interested both in constructing UOHs under weaker assumptions and in relationships among various versions of one way hash functions. Our main results are summarized as ....

....universal one way hash functions and collision intractable hash functions (or shortly UOHs and CIHs, respectively) In [Mer89] the former is called weakly and the latter strongly , one way hash functions respectively. Naor and Yung gave a formal definition for UOH [NY89] and Damgard gave for CIH [Dam89]. In this section, a formal definition for UOH that is more general than that of [NY89] is given. We feel our formulation more reasonable. This will be explained after the formulation is introduced. CIH will be treated in later sections. Let be a polynomial with (n) n, H be a family of ....

[Article contains additional citation context not shown here]

I. Damgard: "A design principle for hash functions", Presented at Crypto'89, 1989.

....is odd. 3) Paper [FHK 88] includes an idea which can be used to adapt our techniques to the case where m is prime and a window of successive bits of the x i s is announced. We find the details too technical to be included in the present paper. 3. 2 Cryptanalysis of Damgard s hash function In [Dam89] Damgard proposed to base a hash function on a knapsack compression function using 256 (non modular) numbers a i of size 120 bits. His idea was to divide the message to be hashed into blocks of 128 bits, and to apply to following process: ffl Start with a fixed initial value on 128 bits. ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology, Proceedings of Crypto'89, volume 435 of Lecture Notes in Computer Science, pages 25--37, New York, 1989. Springer-Verlag.

....2 1 DGA CELAR 2 ENS LIENS Abstract. In this paper, we show that lattice reduction is a very powerful tool to find collision in knapsack based compression functions and hash functions. In particular, it can be used to break the knapsack based hash function that was introduced by Damgard [3] 1 Introduction The knapsack problem, is a well know NP complete problem that can quite easily be used to construct cryptosystems or hash functions. Thus many cryptographic functions have been based on this problem, however, lattice reduction is a very powerful tool to break knapsack based ....

....44 5 5.5s 45 5 5.6s 46 6 6.3s 47 2 7.5s 48 3 7.5s 49 2 7.6s 50 2 8.2s 51 1 8.8s 52 2 8.8s 53 3 9.0s 54 3 10.8s 55 0 11.3s 56 0 10.9s 57 1 12.2s 58 1 12.5s 59 2 13.1s 60 0 14.6s 61 0 14.4s 62 0 16.3s 63 1 15.0s 64 0 17.4s 65 0 17.9s Fig. 3. Results using LLL 6 Attacking Damgard hash function In [3], Damgard proposed to base an hash function on a knapsack compression function using 256 non modular numbers of size 120 bits. This roughly corresponds to a compression rate of 1=2. However, in general, finding collisions for a hash function is harder than in for the corresponding compression ....

I. Damgard. A design principle for hash functions. In Advances in Cryptology, Proceedings of Crypto'89, volume 435 of Lecture Notes in Computer Science, pages 25--37, New York, 1989. Springer-Verlag.

....particular, it gives a formal definition for CIH, one of the aforementioned two kinds of one way functions. It also presents a method for constructing CIHs from claw free pairs of permutations, whose existence implies that of one way permutations and hence that of one way functions. 2. 2 Reference [Dam89] It presents two ways (a serial one and a parallel one) of compressing arbitrarily long input strings into fixed length output strings, given a CIH that compresses input strings into output ones that are only one bit shorter than the input ones. 2.3 Reference [NY89] This is the first paper that ....

I. Damgard: "A design principle for hash functions", Presented at Crypto'89, 1989.

No context found.

I. Damgard, A Design Principle for Hash Functions, In Crypto '89, pages 416-427, 1989. LNCS No. 435.

No context found.

I. Damgard, "A design principle for hash functions," Proc. of CRYPTO 89, pp. 416--427, 1989.

....Hash Functions Including Cryptanalysis of Damgard s One Way Function Based on a Cellular Automaton Joan Daemen, Ren e Govaerts and Joos Vandewalle Katholieke Universiteit Leuven, Laboratorium ESAT, Kardinaal Mercierlaan 94, B 3001 Heverlee, Belgium. Abstract At Crypto 89 Ivan Damgard [1] presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collision free function with input of constant length that it is based upon. He also gave three examples of collision free functions ....

....and a collision free function with an output shorter than its input by CF function in the sequel. A function that takes an input of fixed length to an output of fixed length that is shorter than the input will be denoted by FI function . A CF function is a special case of a FI function. In [1] a construction is given where finding a collision for the hash function yields a collision for the underlying CF function. Hence the hash function is provably as secure as the CF function. This reduces the design to that of the CF function. It is widely believed that this is much easier. In our ....

[Article contains additional citation context not shown here]

I. Damgard, Design Principles for Hash Functions, in Advances in Cryptology: Proceedings of Crypto '89, 416--427, Springer-Verlag,1990.

No context found.

I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.

No context found.

I. B. Damgard. A design principle for hash functions. Lecture Notes in Computer Science 435 (1990), 416--427 (CRYPTO '89).

No context found.

I. Damgard. A Design Principle for Hash Functions, In Advances in Cryptology -- Crypto'89, Springer-Verlag, 1990.

No context found.

I. Damgard, Design Principles of Hash Functions, Crypto '89, Springer-Verlag. 13

No context found.

Damgard, I.: A design principle for hash functions, In Advances in Cryptology -- CRYPTO '89, LNCS 435, Springer-Verlag, 1990.

No context found.

I. Damgard, Design Principles of Hash Functions. Crypto '89, LNCS n435, pp. 416--427, Springer-Verlag. 19

No context found.

I. Damgard. A Design Principle for Hash Functions. In 416--427. Springer-Verlag, 1990.

No context found.

Damgard, "A design principle for hash functions," Advances in Cryptology--Crypto 89 Proceedings, Springer-Verlag, 1989.

No context found.

I. Damgard. A design principle for hash functions. Crypto 89, LNCS 435, pp. 416-- 427.

No context found.

I. Damgard: "A design principle for hash functions", Presented at Crypto'89, 1989.

No context found.

I.B. Damgard. A design principle for hash functions. In Gilles Brassard, editor, Advances in Cryptology - Crypto' 89, LNCS, pages 416--426. Springer-Verlag, 1989.

No context found.

I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.

No context found.

I. Damgard, A design principle for hash functions, Presented at Crypto'89 (1989).

No context found.

I. Damgard. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89, volume 435 of Lecture Notes in Computer Science. Springer-Verlag, 1990.

No context found.

I. Damgard: "A design principle for hash functions", Presented at CRYPTO'89, 1989.

No context found.

I. B. Damgard. A Design Principle for Hash Functions. In Advances in Cryptology-CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 416-427. Springer-Verlag, 1989.

No context found.

I. B. Damgard. A design principle for hash functions, Advances in Cryptology - Crypto'89, Lecture Notes in Computer Sciences, Vol. 435, Springer-Verlag, pp. 416427, 1989.

No context found.

I. Damgard, "A Design Principle for Hash Functions", Proc. CRYPTO '89, 1989.

No context found.

I. Damgard, "A Design Principle for Hash Functions", Proc. CRYPTO '89, 1989.

No context found.

I.B. Damgard, "A design principle for hash functions," Advances in Cryptology, Proc. Crypto'89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 416--427.

No context found.

I.B. Damgard, "A design principle for hash functions", Advances in Cryptology - CRYPTO 89, Lecture Notes in Computer Science, vol. 435, pp. 416-427, 1990.

No context found.

I.B. Damgard, "A design principle for hash functions," Proc. Crypto'89, LNCS 435, Springer-Verlag, 1990, pp. 416--427.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC