[25676] in cryptography@c2.net mail archive
Re: picking a hash function to be encrypted
daemon@ATHENA.MIT.EDU ("Hal Finney")
Mon May 15 20:19:28 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: ekr@rtfm.com, solinym@gmail.com
Cc: cryptography@metzdowd.com
Date: Mon, 15 May 2006 16:11:39 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Travis H. writes:
> Excellent point. When I wrote that I had strongly universal hashes in
> mind, like UMAC, where the hash is chosen from a family of functions
> based on some secret data shared by sender and recipient. I
> mistakenly conflated them with ordinary hashes (which they are, once
> you pick one). Thanks for catching that.
A point of terminology, strong universal hash functions are different
than what you are probably thinking of.
UMAC is a MAC, not a SU hash function. It uses an almost-SU hash function
in its construction, but that's different.
Universal hashes and their variants (see
http://www.cacr.math.uwaterloo.ca/~dstinson/universalhashingdefinitions.html
for a bibliography) are actually *weaker* than conventional hashes.
They can, in fact, be completely linear. While you are right that the
hash is typically part of a parameterized family, once you pick one you
do not get an ordinary hash. You are more likely to get an ordinary
polynomial that will not serve at all well as a crypto hash.
Hal Finney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
