Content deleted Content added
m Reverted 1 edit by 24.125.68.252 identified as test/vandalism using STiki |
m →Construction from block ciphers: removed redundant sentence |
||
Line 60:
If a block cipher has a [[Block size (cryptography)|block size]] of say 128 bits single-block-length methods create a hash function that has the block size of 128 bits and produces a hash of 128 bits. Double-block-length methods make hashes with double the hash size compared to the block size of the block cipher used. So a 128-bit block cipher can be turned into a 256-bit hash function.
These methods are then used inside the Merkle-Damgård construction to build the actual hash function. These methods are described in detail further down.
Using a block cipher to build the one-way compression function for a hash function is usually somewhat slower than using a specially designed one-way compression function in the hash function. This is because all known secure constructions do the [[Key schedule|key scheduling]] for each block of the message. Black, Cochran and Shrimpton have shown that it is impossible to construct a one-way compression function that makes only one call to a block cipher with a fixed key.<ref>John Black, Martin Cochran, and Thomas Shrimpton. ''On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions.'' Advances in Cryptology -- EUROCRYPT '05, Aarhus, Denmark, 2005. The authors define a hash function "highly efficient if its compression function uses exactly one call to a block cipher whose key is fixed".</ref> In practice reasonable speeds are achieved provided the key scheduling of the selected block cipher is not a too heavy operation.
| |||