[tahoe-dev] modification of "100 year cryptography" project proposal
Jack Lloyd
lloyd at randombit.net
Mon Apr 19 14:53:11 UTC 2010
On Mon, Apr 19, 2010 at 07:18:14PM +0800, yu xue wrote:
> Due to the particular feistel structure and operations of Comb4P, a problem
> as pointed by Jack is that how to properly handle hashes with different
> sized outputs such as combiner of SHA-256 and whirlpool-512. A *half
> thought* is that maybe it need to limit the equal digest size of the
> underlying hash, otherwise it need to give a warning or error prompt. Since
> many mainstream hash functions have multi-versions, commonly including 224,
> 256, 384 and 512, when incompatibility occurs it could prompt using another
> compatible version. If unfortunately it doesn??t have compatible version,
> then we need give an error prompt or using other methods such as truncation
> etc.
One interpretation that _may_ work:
In all cases, when we are combining the two hash outputs, then we are
XORing into one of the two sides. If we are XORing a short value into
a long one, then XOR the entire value, leaving the last bytes
unchanged. If we are XORing the long value into the short value, then
truncate, only XORing the first bytes.
So for instance if combining MD5 (16 bytes) and Whirlpool (64 bytes),
in the first round we XOR the first 16 bytes of the Whirlpool output
into the MD5 output (essentially, truncating Whirlpool). Then in the
second round we hash the MD5-xor-Whirlpool-128 value with both MD5 and
Whirlpool. These hashes are XORed into the original Whirlpool output,
so we xor the entire MD5 and Whirlpool outputs without truncation.
Then in the third round we truncate Whirlpool again when it goes into
the shorter MD5 side.
At the level of treating this as a generic unbalanced Feistel cipher,
this seems OK. However I haven't read enough of the thesis to be sure
if this is a valid decision in terms of preserving the Comb4P
properties we want.
Obviously if both hashes have the same output size then this is a
non-issue.
It would also be interesting to find out/study what properties Comb4P
maintains under truncation of the final output.
-J
More information about the tahoe-dev
mailing list