[146565] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: [Cryptography] Hashes into Ciphers

daemon@ATHENA.MIT.EDU (Jerry Leichter)
Wed Sep 4 13:16:59 2013

X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <20130904104933.23b2ddd6@jabberwock.cb.piermont.com>
Date: Wed, 4 Sep 2013 11:18:55 -0400
To: "Perry E. Metzger" <perry@piermont.com>
Cc: =?iso-8859-1?Q?Far=E9?= <fahree@gmail.com>,
	Cryptography Mailing List <cryptography@metzdowd.com>,
	radix42@gmail.com, Richard Salz <rich.salz@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

This first publication of differential cryptanalysis was at CRYPTO'90.  I highly doubt Karn analyzed his construction relative to DC.  (His post certainly makes no mention of it.)

At first glance - I certainly haven't worked this through - it should be straightforward to construct a hash will all kinds of desirable *hash* properties that would, in Karn's construction, produce a cipher highly vulnerable to DC.  (That is:  This is not a safe *generic* construction, and I'm not sure exactly what requirements you'd have to put on the hash in order to be sure you got a DC-resistant cipher.)
                                                        -- Jerry

On Sep 4, 2013, at 10:49 AM, "Perry E. Metzger" <perry@piermont.com> wrote:

> On Wed, 4 Sep 2013 10:37:12 -0400 "Perry E. Metzger"
> <perry@piermont.com> wrote:
>> Phil Karn described a construction for turning any hash function
>> into the core of a Feistel cipher in 1991. So far as I can tell,
>> such ciphers are actually quite secure, though impractically slow.
>> 
>> Pointers to his original sci.crypt posting would be appreciated, I
>> wasn't able to find it with a quick search.
> 
> Answering my own question
> 
> https://groups.google.com/forum/#!original/sci.crypt/tTWR2qIII0s/iDvT3ptY5CEJ
> 
> Note that Karn's construction need not use any particular hash
> function -- he's more or less simply describing how to use a hash
> function of any sort as the heart of a Feistel cipher.
> 
> Perry
> -- 
> Perry E. Metzger		perry@piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
home help back first fref pref prev next nref lref last post