SHA-160: A Truncation Mode for SHA256
(and most other hashes)
John Kelsey, NIST Halloween Hash Bash 2005
What's a Truncation Mode?
- Rule for chopping bits off a hash output
- We have a big hash fn we trust,
  - Like SHA256
- We need a smaller hash output
  - Like 160 bits
- We need to specify how this is done
- Interoperability and security reasons
Why Do We Need One?
- Need drop in replacement for SHA1 (MD5?)
- Have unbroken hashes of wrong size
- ECDSA/DSA key sizes
- File and protocol formats
- Obvious approach: Truncate SHA256/SHA512
- This has been done before: Snefru, Tiger, SHA384, SHA224
Our Proposal in a Nutshell
H(X,M) = hash M from initial value X
- Start with different IV for each truncation length n:
  n has fixed-length representation
  IVTn = H(IV xor 0xccc...c,n)
- Run bigger hash normally
  HTn(m) = truncate(H(IVTn, m),n)
- Generic: Any n, many big hashes
- (Rivest comment to SHA224)
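The construction above, written out for SHA256 as an added example (not code from the slides). It uses a small pure-Python SHA-256 because `hashlib` does not expose the initial value. Assumptions not stated on the slides: n is encoded as a 32-bit big-endian integer, the 0xccc...c mask covers every word of the IV, the derived IV is the full 256-bit output, and truncation keeps the leftmost n bits.

```python
import hashlib, struct
from math import isqrt
M32 = 0xffffffff
# FIPS 180-4 constants, derived from the first 64 primes instead of typed in.
PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, p))]

def icbrt(x):
    lo, hi = 0, 1 << 36                      # binary search for floor(cube root)
    while lo < hi:
        mid = (lo + hi + 1) >> 1
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

IV = tuple(isqrt(p << 64) & M32 for p in PRIMES[:8])   # standard SHA-256 IV
K = [icbrt(p << 96) & M32 for p in PRIMES]             # round constants
def rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & M32

def compress(h, block):
    """One SHA-256 compression step: chaining value h, 64-byte block."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & M32)
    a, b, c, d, e, f, g, hh = h
    for i in range(64):
        t1 = (hh + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M32
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M32
        a, b, c, d, e, f, g, hh = (t1 + t2) & M32, a, b, c, (d + t1) & M32, e, f, g
    return tuple((x + y) & M32 for x, y in zip(h, (a, b, c, d, e, f, g, hh)))

def H(iv, msg):
    """The slides' H(X, M): SHA-256 of msg (normal padding) from initial value iv."""
    data = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    for i in range(0, len(data), 64):
        iv = compress(iv, data[i:i + 64])
    return struct.pack(">8I", *iv)

def truncated_hash(msg, n):
    """HTn(m) = truncate(H(IVTn, m), n) with IVTn = H(IV xor 0xccc...c, n)."""
    if n % 8 or not 0 < n <= 256: raise ValueError("whole-byte n up to 256 only")
    # Assumed here, not on the slides: n as 32-bit big-endian; keep leftmost n bits.
    iv_t = struct.unpack(">8I", H(tuple(w ^ 0xcccccccc for w in IV), struct.pack(">I", n)))
    return H(iv_t, msg)[:n // 8]

def matches_hashlib(msg):
    return H(IV, msg) == hashlib.sha256(msg).digest()
```

Because each length n gets its own IV, `truncated_hash(m, 160)` is neither a prefix of plain SHA256 nor of `truncated_hash(m, 224)`, which is the separation between output lengths that plain truncation lacks.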
Intuition: Why should this be okay?
- If hash "good", seems like truncation should be good, too.
- Fits our intuition about hash functions
- Easy proof in Random Oracle Model
- Prior art suggests other people agree
- So, is intuition correct here?