[1524] in cryptography@c2.net mail archive
Double-width hashes?
daemon@ATHENA.MIT.EDU (Colin Plumb)
Thu Sep 18 10:59:26 1997
Date: Thu, 18 Sep 1997 04:55:55 -0600 (MDT)
From: Colin Plumb <colin@nyx.net>
To: cryptography@c2.net
Does anyone know any good double-width hash constructions (based on
a single-width hash)? Sometimes 80 bits of birthday resistance just
isn't enough, and it would be nice to have a provem result on how
to build a wider one.
I've had some pointers to a butterfly construction, one where you have
to halves to your input (d1,d2) and two halves to the hash (h1,h2)
and you compute
h1' = hash(h1,d1) + hash(h2,d2)
h2' = hash(h1,d2) + hash(h2,d1)
... but I haven't seen any results on the subject. Do I have to prove
them myself?
Thanks for any pointers.
--
-Colin
