a) high-level view (b) detailed view original input arbitrary length input hash function h preprocessIng iterated append padding bits compresson function append length bbck fixed length output formatted input I optional out put iterated processing transformation compressIoN function utput utput h(a)=g(H
16
Iterated hash function Processing Let iv be an initial value of length m Compute the following Z1∈ compress(zoll y) Z< compress(-‖y) 17
17 Iterated hash function Processing Let IV be an initial value of length m. Compute the following: – z 0 IV – z 1 compress(z0 || y1 ) – … – … – z r compress(zr-1 || yr )
Iterated hash function Output Let g: 0, 1m>(0, 1] be a public function The iterated hush function is: h(x =glz) So the hush function is h: Ui=m+ +1 0,1]> 01y
18 Iterated hash function Output Let g: {0,1}m → {0,1}l be a public function. The iterated hush function is: h(x)= g(zr ) So the hush function is h: Ui = m+t+1 {0,1}i → {0,1}l
Merkle- damgard hash function Transforms a collision resistant compression function compress 01yrt>0,1y m to a collision resistant hash function U1=m+1{0,1y→0,1ym 19
19 Merkle - Damgard hash function Transforms a collision resistant compression function: – compress: {0,1}m+t → {0,1}m to a collision resistant hash function. – Ui = m+t+1 {0,1}i → {0,1}m
Why is merkle-Damgard needed? The need for collision-resistant hashing has been a long-time goal of modern cryptography. The problem: find a hash function that has An input of variable lengt an output of fixed length
20 ❖The need for collision-resistant hashing has been a long-time goal of modern cryptography. ❖The problem: find a hash function that has: ❖An input of variable length; ❖An output of fixed length. Why is Merkle-Damgard needed?