===>>GO TO THE STORE<<=== п»їHow is the MJH double-block-length hash function constructed?
I'm looking for information on the MJH double-block-length hash function, but the best free source I could find is the diagram on page 18 of Efficient hashing using the AES Instruction Set (submitted to the ECRYPT II Hash Workshop 2011). Is source code available for this function? What are the standard symbols used (M, V, Z) when describing hash functions?
22.7k 7 7 gold badges 80 80 silver badges 117 117 bronze badges.
asked Sep 10, 2011 at 13:18.
561 5 5 silver badges 13 13 bronze badges.
$\begingroup$ I'll elaborate this to an answer later (if not someone else does it first), but here about the meanings of the symbols used in the diagram (as I understand them): n is the block size of the block cipher, k the key size. M and V are inputs to the compression function (M typically being one message block, V the state of the hash function), Z is the output (same size as V, and the new state of the hash function). $\endgroup$
Sep 11, 2011 at 1:01.
1 Answer 1.
$\begingroup$
I had a look at the paper introducing the MJH construction (MJH: A Faster Alternative to MDC-2).
It actually presents a different diagram than the one in the paper Efficient hashing using the AES Instruction Set your referenced – there $V_2$ and $M$ are swapped. I'll describe the original one here, and the variation below.
The core of MJH is a compression function, using a similar construction like the JH hash function (one of the SHA-3 finalists), hence the name.
The JH construction.
Given a (non-compressing) function $F : \ ^ \to \^$ , we define the compression function $JH[F] : \^ \to \^$ as $JH[F](V_1, V_2, M) := (Z_1, Z_2)$ , with $(X_1, X_2) = (V_1, V_2 \oplus M)$ , $(Y_1, Y_2) = F(X_1, X_2)$ and $(Z_1, Z_2) := (Y_1 \oplus M, Y_2)$ .
In the JH hash function, F is a specially-made (fixed) permutation.
MJH's $F[\sigma, \theta]$
Given a $n$ -bit-blockcipher $E$ with keysize $k = n$ , $\sigma : \^ \to \^n$ an involution (i.e. $\sigma \circ \sigma = \mathrm$ ) without fixed point (i.e. $\sigma(X) \neq X$ ) – an example would be an XOR with a non-zero constant –, and $\theta \in \mathbb_ \setminus\$ a constant (so multiplication with $\theta$ is another non-trivial permutation).
We define $F[\sigma, \theta] : \^ \to \^$ as $F(X, K) = (L, R)$ , with $L = E_K(X) \oplus X$ and $R := \theta(E_K(\sigma(X)) \oplus \sigma(X) ) \oplus X$ .
(The $E_K(X) \oplus X$ part is essentially the Davies-Meyer construction to make it one-way, even if $K$ is known. It is actually used twice here.)
The final Hash function.
Combining these ideas, we get our compression function $\tilde F[\sigma, \theta] := JH[F[\sigma, \theta]] : \^ \to \^$ .
We then apply the known Merkle–Damgård caining construction on this compression function, receiving our final hash function $H[\sigma, \theta] = MD[\tilde F[\sigma, \theta]]$ .
(This image is from Wikimedia Commons, the others are made by me.)
In practice we now also have to choose some specific $\sigma$ and $\theta$ , a specific block cipher, as well as an initialization vector and padding for MD - the security proof still applies for all of them (if the block cipher is good).
Longer key variant.
The paper also describes a variant of the compression function to be used when the key length $k$ is greater than the block size $n$ . Then we use message blocks of size $k$ , and split these blocks into two parts $z, z'$ . $z$ (of size $n$ )is used as before to be XOR'ed into the left half of the state before encryption and right half after, while $z'$ (of size $k-n$ ) is appended to the right half of the state to form the key for the block cipher.
By using a larger (hash) block size, this longer variant can be more efficient than the original one.
The variant depicted in Efficient Hashing.
For $n = k$ , this is the same compression function as the original one, but it is used in a different way in the MD-construction: Here the message blocks are passed in the key position, instead of being XOR'ed into the parts of the state before and after encryption. (This XOR'ing instead uses one half of the original state.)
This gives a more obvious generalization into the $k \geq n$ case, as we don't have to split the message block and compose the key, but simply can pass the longer key to the block cipher.
I didn't check if the proofs given in the MJH paper also apply to this variant, though, and I don't know which version the authors of Efficient Hashing actually measured.
shisha pricebuy horney goat weed plantscbd oil for sale in canada5 pounds of weed priceog skywalker pricebuy thc carts illinoisage to buy weed in njlamont's bishops house perth cbdprice of weed per quarterandromeda strain tv series onlinecheap dab radio tescohow to get medical marijuana card in tampashisha tabacco buy onlinelockheed martin skunk works storetesco store dab radiosfumo shisha buybuy concentrated thcweed shop 3 employeeshash oil pen onlinemarijuana anonymous podcastcan i purchase marijuana in tennesseeweed shop withcan you buy weed seeds in the united statesportable dab radios for salegorilla glue 60ml wholesalebubble hash machine for sale ukhow to get a medical marijuana card on long islandmarijuana anonymous ithacastrain energy stored in simply supported beamdispensary prices for weedthc oil for sale australiaoil rig for dabs salenorthern lights limited to santa's train workshopmr bean coffee shop bangidab radio cd players best buyweed cart battery for salewhere can you buy roundup weed killermota smart ring buytime ordered hashnorthern lights strain clones for salebuy cannabis seeds online australiawatermelon gelato strain pricehobby shop melbourne cbdmedical marijuana farm for saleshisha store londoncrystal rock candy pops wholesaleacapulco gold weed pricecan i buy weed on dcbuy cali weed australiabuy cannabis vodka online uk Medical marijuana doctor online ohioThc vaporizer pen for sale 1Cheap parking sydney cbd weekendIslamic relief charity shop bangiLegal high weed for saleDon t ever buy no weed from the gas station gifMiinot gelato pricesShopping centre near melbourne cbdCan you buy recreational weed in new york cityBc northern lights bloom box priceOrder weed in australia
Вход
Регистрация
FAQ
Поиск
