2010 Reports : Cryptology ePrint Archive Forum

**Re: One Question of 2010/384**

**Re: One Question of 2010/384**

**Re: One Question of 2010/384**

**Re: One Question of 2010/384**

Discussion forum for Cryptology ePrint Archive reports posted in 2010.
Please put the report number in the subject.

One Question of 2010/384

Posted by: **kyqf** (IP Logged)

Date: 01 December 2010 16:55

If the Ideal random compression functions C is always chosen and kept as a surjective function namely a onto mapping,what about the conclusion?

Posted by: **kyqf** (IP Logged)

Date: 02 December 2010 13:06

The writer of 2010/384 gives a conclusion that a narrow-pipe hash function will lose the entropy and the codomain will Reduce.However,the ideal random compression function C is designated by the writer as non-surjective function,if an ideal random compression functions C can always be a surjective function,are those inferences( on narrow-pipe hash functions ) still real?

Posted by: **wai2ha** (IP Logged)

Date: 24 December 2010 16:49

A new text 2010/652 can thwart the conclusions on narrow-pipe hash functions.

Edited 1 time(s). Last edit at 30-Dec-2010 10:50 by wai2ha.

Edited 1 time(s). Last edit at 30-Dec-2010 10:50 by wai2ha.

Posted by: **wai2ha** (IP Logged)

Date: 28 January 2011 13:08

One of the key questions is that processing the last block with additional bits in a normal iterative hash function,there's the entropy of CV_(L-1) only n bits,namely a n-bit domain X maps to a n-bit codomain Y,the probability of empty set is approximately

e^(-1).

e^(-1).

Posted by: **wai2ha** (IP Logged)

Date: 27 March 2011 06:32

We can always only use one surjection round in the last iteration to recovere the domain $X$ by a sum block $ÓM_(L-1)$(assume the message was L- blocks),whenever the previous reductions were great or not.For the last iteration of a narrow-pipe hash function,the active domain $X$ is at least 2^2n ,then it's the case that the ideal random functions W map the

domain of (n+w)-bit strings $X = {0,1}^(n+w )$ to the domain $Y = {0,1}^n$ ,the probability of empty set is about $e^(-2^w)$,where $w>2n-n=n$.

So,a narrow pipe hash function can easily be amend by a sum block $ÓM_(L-1)$,and the same question in MAC can also be done.I'll expound on 2010/652 before toolong.

domain of (n+w)-bit strings $X = {0,1}^(n+w )$ to the domain $Y = {0,1}^n$ ,the probability of empty set is about $e^(-2^w)$,where $w>2n-n=n$.

So,a narrow pipe hash function can easily be amend by a sum block $ÓM_(L-1)$,and the same question in MAC can also be done.I'll expound on 2010/652 before toolong.

Please log in for posting a message. Only registered users may post in this forum.