bramgawth.com

• Next message: Dennis Peters: "Real Estate and Business Owners #7ABD"
• Previous message: Paulo S. L. M. Barreto: "Re: Rijndael & NTRU"
• Next in thread: Jim Gillogly: "Re: AES as a hash function?"
• Reply: Jim Gillogly: "Re: AES as a hash function?"
• Reply: Paulo S. L. M. Barreto: "Re: AES as a hash function?"
• Reply: David Wagner: "Re: AES as a hash function?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The announcement didn't mention Rijndael's applicability as a hash
function. I thing I remember mention in earlier AES documents that it
should be resistant to 'related key attacks' and thus usable as a hash
function in some specific mode, who's name I have forgotten.

There's also UHASH, which is specified in the UMAC document, which is
another way of building a hash function out of the AES:

http://www.cs.ucdavis.edu/~rogaway/umac/draft-krovetz-umac-00.txt

The main problem with UHASH (which I believe can be keyed with all zeros
to make a nice general hash function) is that it involves a bunch of
32-bit multiplies, and hence is efficient only on 32-bit machines. It's
parameterizable but that causes alternative version problems.

UHASH is also strictly 128-bit, it would be nice for there to be 256-bit,
384-bit, and 512-bit versions as well, to keep parity with the AES.

So, does anyone have any thoughts as to what hash algorithms to use? It
would be nice to move up to a new one - it seems kinda silly to be using a
128-bit block encryption algorithm with a 160-bit hash function.

-Bram Cohen

• Next message: Dennis Peters: "Real Estate and Business Owners #7ABD"
• Previous message: Paulo S. L. M. Barreto: "Re: Rijndael & NTRU"
• Next in thread: Jim Gillogly: "Re: AES as a hash function?"
• Reply: Jim Gillogly: "Re: AES as a hash function?"
• Reply: Paulo S. L. M. Barreto: "Re: AES as a hash function?"
• Reply: David Wagner: "Re: AES as a hash function?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]