ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....iso 9796 2 is a generic padding standard allowing total or partial message recovery. Hash functions of different sizes are acceptable and parameter L (in the standard k h ) is consequently a variable. Section 5, note 4 of [22] recommends 64 L 80 for total recovery (typically an iso 10118 2 [23]) and 128 L 160 for partial recovery. Partial message recovery. For simplicity, assume that N , L and the size of m are all multiples of eight and that the hash function is known to both parties. The message m = m[1] Delta m[2] is separated into two parts where m[1] consists of the N Gamma L ....

ISO/IEC 10118-2, Information technology - Security techniques - Hashfunctions; Part 2 : Hash functions using an n-bit block-cipher algorithm, 1994.

....is for the complexities of attacks to be substantially greater than those for single block length hash functions. One such scheme, MDC2 [3] was developed by Brachtl et al. 11] for use in combination with DES; its generalization to an arbitrary block cipher is included in ISO IEC 10118 2 [9]. It is believed that the complexities for preimage and collision attacks on MDC 2 are about 2 3m=2 and 2 m , respectively. However, the hash rate of MDC 2 is only 1 2, i.e. the hash function takes two DES encryptions per message block. This implies that MDC 2 is at least twice as slow as the ....

ISO-10118, Information Technology --- Security techniques --- Hash-functions, part1: General and part2: Hashfunctions using an n-bit block cipher algorithm. ISO/IEC, 1994.

.... ment for these hashfuncti4D i for thecomplexi[03 of attacks to be substantista greater than those for si23E block length hashfunctiD02 One such scheme, MDC [3] was developed by Brachtl et al. 11] for use i combi2CC47 wi2 DES;iS generali2[07O to anarbi trary blockci3P4 i i3P4P2 i ISO IEC 10118 [9]. It i beliP ed that thecomplexi[PC forpreiPCP and colliPWO attacks on MDC are about 3m 2 and m , resp ely. However, the hash rate of MDC i only 1 ,iCWD the hashfuncti4 requi4 two DES encryptiry per message block.Thi iiEW4 that MDC i at least twiC as slow as theunderlyi[ blockci44E4 In ....

ISO-10118, "Information Technology---Security techniques ---Hash-functions, part1: General and part2: Hashfunctions using an n-bit block cipher algorithm," ISO/IEC, 1994.

....about 2 m encryptions. Later it was shown that there exist essentially two secure single block length hash functions in this model, and that 12 different schemes can be obtained by applying a linear transformation to the inputs [24] One of these schemes has been specified in ISO IEC 10118 [12]. Since most block ciphers have a block length of m = 64 bits, the need for double block length hash functions became apparent. The goal of these constructions is to achieve a security level against brute force collision attacks of at least 2 m encryptions. Three main classes of hash functions ....

.... practical case of DES, m = 64, but the key is only 56 bits long; a collision search requires then only 2 55 encryptions for both schemes, and a preimage can be obtained after 2 83 respectively 2 109 encryptions [22] A further generalization of MDC 2 has been included in ISO IEC 10118 [12]. Merkle s schemes, the best of which has rate 0.276 (for a 64 bit block cipher with a 56 bit key) 19] A security proof is given which assumes that the 1 This scheme was apparently known to Meyer and Matyas ca 1979. underlying single block length hash function is secure. If DES is used, ....

ISO/IEC 10118, "Information technology -- Security techniques -- Hash-functions, Part 1: General and Part 2: Hash-functions using an n-bit block cipher algorithm," IS 10118, 1994.

....= 1; 2; n; 1) where H 0 is a specified initial value. We will write H = Hash(H 0 ; M) to show explicitly the dependence on H 0 . The function h will be called the hash round function. For message data whose total length in bits is not a multiple of l, one can apply deterministic padding [5, 10] to the message to be hashed by (1) to increase the total length to a multiple of l. For iterated hash functions, we distinguish the following five attacks: 1. Target attack: Given H 0 and M , find M 0 such that M 0 6= M but Hash(H 0 ; M 0 ) Hash(H 0 ; M) 2. Free start target attack: ....

....which can be done reasonably fast using today s technology. Therefore, much research has been done to construct hash functions with a block length of 2m bits based on the concatenation of two variants of the DM scheme. One such scheme, the MDC 2 [9, 11] will be published as an ISO standard [5]. A systematic method proposed in [4] to analyze such hash functions is to consider the following general form of double length round functions. General form of the 2m bit round function with rate 1: H 1 i = EA (B) Phi C H 2 i = ER (S) Phi T (3) where, for a rate 1 scheme, A, B and C ....

ISO/IEC DIS 10118, Information technology -- Security techniques -- Hash-functions, Part 2: Hash-functions using an n-bit block cipher, I.S.O., 1993.

....requirements for double block length hash functions based on an m bit block cipher are that the complexity of a target attack is higher than 2 m and that the complexity of a collision attack is higher than 2 m=2 . Recently, one such scheme has been submitted for publication as an ISO standard [4], also known as the MDC 2. It is believed that the complexities for target and collision attacks on MDC 2 based on DES is about 2 81 and 2 54 [5] where m above is 64. Since the hash rate of the MDC 2 is only 1=2, i.e. the hash function takes two encryptions per message block, attempts have ....

ISO/IEC 10118, Information technology -- Security techniques -- Hash-functions, Part 2:Hash-functions using an n-bit block cipher, I.S.O., 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

No context found.

ISO/IEC 10118-3: 1998, Information technology --- Security techniques --- Hashfunctions --- Part 3: Dedicated hash-functions.

No context found.

ISO/IEC 10118-2, Information technology - Security techniques - Hash-functions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC