Results 1 - 7 of 7
HAVAL - A One-Way Hashing Algorithm with Variable Length of Output
, 1993
Cited by 51 (17 self)
Abstract:
A one-way hashing algorithm is a deterministic algorithm that compresses an arbitrarily long message into a value of specified length. The output value represents the fingerprint or digest of the message. A cryptographically useful property of a one-way hashing algorithm is that it is infeasible to find two distinct messages that have the same fingerprint. This paper proposes a one-way hashing algorithm called HAVAL. HAVAL compresses a message of arbitrary length into a fingerprint of 128, 160, 192, 224 or 256 bits. In addition, HAVAL has a parameter that controls the number of passes in which a message block (of 1024 bits) is processed. A message block can be processed in 3, 4 or 5 passes. By combining output length with the number of passes, we can provide fifteen (15) choices for practical applications where different levels of security are required. The algorithm is very efficient and particularly suited for 32-bit computers, which predominate in the current workstation market. Experiments show that HAVAL is 60%...
SWIFFT: A Modest Proposal for FFT Hashing
Cited by 28 (10 self)
Abstract:
We propose SWIFFT, a collection of compression functions that are highly parallelizable and admit very efficient implementations on modern microprocessors. The main technique underlying our functions is a novel use of the Fast Fourier Transform (FFT) to achieve “diffusion”, together with a linear combination to achieve compression and “confusion”. We provide a detailed security analysis of concrete instantiations, and give a high-performance software implementation that exploits the inherent parallelism of the FFT algorithm. The throughput of our implementation is competitive with that of SHA-256, with additional parallelism yet to be exploited. Our functions are set apart from prior proposals (having comparable efficiency) by a supporting asymptotic security proof: it can be formally proved that finding a collision in a randomly chosen function from the family (with noticeable probability) is at least as hard as finding short vectors in cyclic/ideal lattices in the worst case.
Black Box Cryptanalysis of Hash Networks Based on Multipermutations
 EUROCRYPT'94, LNCS 950
, 1994
Cited by 26 (3 self)
Abstract:
Black box cryptanalysis applies to hash algorithms consisting of many small boxes, connected by a known graph structure, so that the boxes can be evaluated forward and backwards by given oracles. We study attacks that work for any choice of the black boxes, i.e. we scrutinize the given graph structure. For example we analyze the graph of the fast Fourier transform (FFT). We present optimal black box inversions of FFT compression functions and black box constructions of collisions. This determines the minimal depth of FFT compression networks for collision-resistant hashing. We propose the concept of multipermutation, which is a pair of orthogonal latin squares, as a new cryptographic primitive that generalizes the boxes of the FFT. Our examples of multipermutations are based on the operations circul
FFT-Hash-II is not yet Collision-free
, 1992
Cited by 7 (1 self)
Abstract:
In this paper, we show that the FFT-Hash function proposed by Schnorr [2] is not collision-free. Finding a collision requires about 2^24 computations of the basic function of FFT. This can be done in a few hours on a SUN-4 workstation. In fact, it is at most as strong as a one-way hash function which returns a 48-bit value. Thus, we can invert the proposed FFT hash function with 2^48 basic computations. Some simple improvements of the FFT hash function are also proposed to try to get rid of the weaknesses of FFT. History: The first version of FFT-Hashing was proposed by Schnorr during the rump session of Crypto'91 [1]. This function has been shown not to be collision-free at Eurocrypt'92 [3]. An improvement of the function has been proposed the same day [2] without the weaknesses discovered. However, FFT-Hashing still has some other weaknesses, as is proved in this paper. 1 FFT-Hash-II, Notations: The FFT-hash function is built on a basic function ! : ? which takes one 128-b...
Parallel FFT-Hashing
, 1994
Cited by 6 (1 self)
Abstract:
We propose two families of scalable hash functions for collision-resistant hashing that are highly parallel and based on the generalized fast Fourier transform (FFT). FFT-hashing is based on multipermutations. This is a basic cryptographic primitive for perfect generation of diffusion and confusion which generalizes the boxes of the classic FFT. The slower FFT-hash functions iterate a compression function. For the faster FFT-hash functions all rounds are alike with the same number of message words entering each round.
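The multipermutation notion that the two Schnorr/Vaudenay abstracts above build on (the "Black Box Cryptanalysis" entry defines it as a pair of orthogonal latin squares; this entry uses it as the FFT-hashing primitive) can be checked by exhaustive enumeration for small boxes. The checker below is an added example, not code from either paper; `butterfly_mod` and `half_box` are boxes constructed here for illustration, and the FFT butterfly over an odd modulus is used because that is the case the multipermutation concept generalizes.

```python
from itertools import product

# Added example, not code from Schnorr and Vaudenay: a brute-force checker for
# the (2,2)-multipermutation property. A box f:(x,y)->(u,v) on a finite set X
# is a multipermutation iff u and v are both latin squares in (x,y) and the two
# squares are orthogonal, i.e. (x,y)->(u,v) is itself a bijection on X*X.
# Equivalently: any two distinct (x,y,u,v) tuples agree in at most one position.


def is_multipermutation(box, elements):
    """Return True iff `box` is a (2,2)-multipermutation over `elements`."""
    elems = list(elements)
    n = len(elems)
    for fixed in elems:
        # Fixing either input, each output must run through all n values.
        rows = (
            {box(fixed, y)[0] for y in elems},  # u as a function of y
            {box(fixed, y)[1] for y in elems},  # v as a function of y
            {box(x, fixed)[0] for x in elems},  # u as a function of x
            {box(x, fixed)[1] for x in elems},  # v as a function of x
        )
        if any(len(r) != n for r in rows):
            return False
    # Orthogonality: the n*n (u,v) pairs must all be distinct.
    pairs = {box(x, y) for x, y in product(elems, repeat=2)}
    return len(pairs) == n * n


def butterfly_mod(modulus):
    """The FFT butterfly (x + y, x - y) with arithmetic modulo `modulus` (constructed test box)."""
    return lambda x, y: ((x + y) % modulus, (x - y) % modulus)


def half_box(modulus):
    """A box whose first output ignores y, as in a Feistel-like step (constructed test box)."""
    return lambda x, y: (x, (x + y) % modulus)


if __name__ == "__main__":
    for name, box, mod in [("butterfly mod 257", butterfly_mod(257), 257),
                           ("butterfly mod 256", butterfly_mod(256), 256),
                           ("butterfly mod 2", butterfly_mod(2), 2),
                           ("half box mod 7", half_box(7), 7)]:
        print(f"{name}: multipermutation = {is_multipermutation(box, range(mod))}")
```

The butterfly over an odd modulus passes: fixing one input, both outputs are permutations of the other, and (u, v) determines (x, y) because 2 is invertible. Over Z_{2^k} it fails orthogonality, since (x, y) and (x + 2^(k-1), y + 2^(k-1)) give the same (u, v); over Z_2 both outputs collapse to x XOR y. Nothing can pass on a 2-element set, because orthogonal latin squares of order 2 do not exist.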
Design principles for dedicated hash functions
 Lecture Notes in Computer Science; The Computer Journal, 2007
, 1994
Cited by 3 (0 self)
Abstract:
Dedicated hash functions are cryptographically secure compression functions which are designed specifically for hashing. They are intended to form a practical alternative to hash functions based on another cryptographic primitive like a block cipher or modular squaring. About a dozen dedicated hash functions have been proposed in the literature. This paper discusses the design principles on which these hash functions are based.
Provably secure FFT hashing
 2nd NIST Cryptographic Hash Function Workshop
, 2006
Cited by 3 (2 self)
Abstract:
We propose a new family of collision resistant hash functions with the distinguishing feature of being provably secure. The main technique underlying our functions is a novel use of the Fast Fourier Transform to achieve ideal “diffusion” properties, together with a random linear function to achieve compression and “confusion”. Our functions admit fast implementation both in hardware and software, but are set apart from previous proposals (based on similar building blocks) in the literature by a supporting security proof: it can be formally proven that (asymptotically) finding collisions to our functions (for keys chosen uniformly at random) with non-negligible probability is at least as hard as solving certain lattice problems in the worst case. Our proposal and techniques are based on previous work by Micciancio (FOCS
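The construction sketched in this abstract and in the SWIFFT entry above (FFT for diffusion, a random linear combination for compression) can be written out concretely. The code below is an added example, not the authors' reference implementation; it uses the published SWIFFT parameters n = 64, p = 257, m = 16, the ring Z_257[alpha]/(alpha^64 + 1), and returns the result in the FFT (evaluation) domain. The key derivation from a seed via SHA-256 (`derive_key`) and the LSB-first message-to-block mapping (`bits_of`) are assumptions made here for a self-contained run, not part of the proposal.

```python
import hashlib

# Added example, not the SWIFFT authors' code. Parameters from the SWIFFT
# proposal: n = 64, p = 257, m = 16. Input: m blocks of n bits, each viewed as a
# 0/1 polynomial in R = Z_p[alpha]/(alpha^n + 1). Output: z = sum_i a_i * x_i in
# R, returned as its 64 evaluations at the roots of alpha^n + 1 (the FFT domain).
# Key derivation from a seed is an assumption of this example, not of the spec.

P, N, M = 257, 64, 16


def primitive_root_of_unity(order, p=P):
    """Smallest w with w^order = 1 and w^(order/2) = -1 mod p (order a power of two dividing p-1)."""
    for w in range(2, p):
        if pow(w, order, p) == 1 and pow(w, order // 2, p) == p - 1:
            return w
    raise ValueError("no primitive root of the requested order")


OMEGA = primitive_root_of_unity(2 * N)  # 128th root of unity, so OMEGA^64 = -1 mod 257


def fft_mod_p(a, w):
    """Radix-2 decimation-in-time FFT over Z_p; w must be a primitive len(a)-th root of unity."""
    n = len(a)
    if n == 1:
        return list(a)
    even = fft_mod_p(a[0::2], w * w % P)
    odd = fft_mod_p(a[1::2], w * w % P)
    out, wk = [0] * n, 1
    for k in range(n // 2):
        t = wk * odd[k] % P
        out[k] = (even[k] + t) % P
        out[k + n // 2] = (even[k] - t) % P
        wk = wk * w % P
    return out


def negacyclic_ntt(poly):
    """Evaluate `poly` (length N, coefficients mod P) at the N roots of alpha^N + 1, i.e. OMEGA^(2j+1)."""
    assert len(poly) == N
    twisted = [c * pow(OMEGA, k, P) % P for k, c in enumerate(poly)]  # multiply coefficient k by OMEGA^k
    return fft_mod_p(twisted, OMEGA * OMEGA % P)                       # then an ordinary N-point FFT


def naive_eval(poly, x):
    """Schoolbook evaluation, used only to cross-check the FFT."""
    return sum(c * pow(x, k, P) for k, c in enumerate(poly)) % P


def negacyclic_mul(a, b):
    """Schoolbook product in Z_p[alpha]/(alpha^N + 1): alpha^N wraps around as -1."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                out[k] = (out[k] + ai * bj) % P
            else:
                out[k - N] = (out[k - N] - ai * bj) % P
    return out


def derive_key(seed, m=M):
    """Assumed key derivation: m polynomials with coefficients uniform in Z_p from SHA-256 in counter mode."""
    key, ctr = [], 0
    while len(key) < m:
        poly = []
        while len(poly) < N:
            digest = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
            ctr += 1
            for i in range(0, 32, 2):
                v = int.from_bytes(digest[i:i + 2], "big")
                if v < 65535 and len(poly) < N:  # 65535 = 255 * 257: reject it to keep v mod 257 unbiased
                    poly.append(v % P)
        key.append(poly)
    return key


def bits_of(msg):
    """Split a 128-byte message into M blocks of N bits (LSB-first), each a list of 0/1 coefficients."""
    assert len(msg) == M * N // 8
    bits = [(byte >> i) & 1 for byte in msg for i in range(8)]
    return [bits[i * N:(i + 1) * N] for i in range(M)]


def swifft(key, blocks):
    """z_j = sum_i a_i(OMEGA^(2j+1)) * x_i(OMEGA^(2j+1)) mod P: pointwise products in the FFT domain."""
    z = [0] * N
    for a, x in zip(key, blocks):
        a_hat, x_hat = negacyclic_ntt(a), negacyclic_ntt(x)
        for j in range(N):
            z[j] = (z[j] + a_hat[j] * x_hat[j]) % P
    return z


def swifft_ring(key, blocks):
    """The same function via schoolbook ring arithmetic, returned in the coefficient domain."""
    z = [0] * N
    for a, x in zip(key, blocks):
        z = [(zi + pi) % P for zi, pi in zip(z, negacyclic_mul(a, x))]
    return z
```

Two checks are worth running: `negacyclic_ntt(swifft_ring(key, blocks))` must equal `swifft(key, blocks)`, which confirms the twisted FFT really evaluates at the roots of alpha^64 + 1; and `swifft(key, x) + swifft(key, y) == swifft(key, x + y)` coefficientwise, which exposes the property a practitioner must keep in mind: the function is linear over Z_p, so it is a collision-resistant compression function and not a pseudorandom one, and it should not be used where an unstructured hash is expected.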