Questions tagged [compression-function]
A compression function takes two fixed-size inputs: a chaining value and a message and returns a fixed-size value.
29
questions
2
votes
2
answers
195
views
CRYSTALS-Kyber Compress and Decompress function role
I was reading CRYSTALS-Kyber design. They have used compress_q(x,d) to scale an element of $\mathbb{Z}_q$ to $[ 0,1,...,2^d-1 ]$. The definitions of ...
1
vote
0
answers
83
views
Input/Output size of compression functions
I know that DES has 56 independent key bits, and that 3DES has 168 independent key bits by using 3 separate 56-bit DES keys. 3DES also has a block size of 64 bits.
If I use 3DES as the underlying ...
0
votes
0
answers
52
views
Cryptanalyzing a hash compression function
I'm designing a hash function which uses a double-tree construction and a compression function $c(s,A,B,C,a)$ ($s$ and $a$ may be omitted when there's only one of them) where
$s$ is a set of three ...
2
votes
1
answer
139
views
Recommended output filter for Rumba20 [closed]
Rumba20 is a compression function that maps a 192-byte (1536-bit) string to a 64-byte (512-bit) string. It's designed to provide collision resistance by using Salsa20 (or ChaCha20) with the ...
0
votes
1
answer
112
views
Iterated hash functions
In this image, It describes the basic idea of an iterative hash function. I am confused as to why the i value is set to be m+t+1 ...
2
votes
0
answers
73
views
Is there any standard extension of the Merkle-Damgård transform that handles arbitrary-length inputs?
I have seen multiple sources claim that the Merkle-Damgård transform is able to build a collision-resistant Hash-function $H$ for arbitrary-length inputs from a compression function $h : \{0,1\}^n \to ...
2
votes
1
answer
83
views
Is a compression function call the same as invoking the hash function itself?
In BLAKE2X paper it is said:
BLAKE2X adds a constant overhead of $\lceil\ell/64\rceil$ (resp. $\lceil\ell/32\rceil$ compression function calls compared to the underlying 64-bit (resp. 32-bit) BLAKE2 ...
6
votes
1
answer
404
views
Fast irreversible transformation/compression of short messages using a secret
I'm looking for a very fast function $f(m, k) $ that takes a 64-bit integer $m$ and a fixed secret key $k$ of virtually any size (generated by a CSPRNG) and turns them into a 64- or 32-bit integer $ r ...
4
votes
2
answers
568
views
How can a collision be generated in this hash function by inverting the encryption?
This is from Joan Daemen's Doctoral thesis
Per page 64 (or PDF page 79)
4.7.1 Our approach
Our goal is the design of simple and portable unkeyed and keyed
cryptographic hash functions that are ...
5
votes
2
answers
2k
views
What is the difference between data compression and compression in cryptographic algorithms?
What is the differences between data compression as used in e.g. the ZIP protocol and compression as performed in cryptographic hashes? Are there common properties as well, apart from creating a ...
1
vote
0
answers
180
views
"Reversing" SHA256 [duplicate]
Let's say I give you the sha256 hash of my password, which I'll call X.
Now, the sha256 algorithm is a one-way function, meaning you can give it some input and get an output, but you can't get the ...
0
votes
1
answer
349
views
Xor'ing sha256 words instead of adding
In sha-256, when the words go through the compression function, they get added to the previous hash. In case of the first 64 rounds, they get added to the initial words ($\bmod 2^{32}$ of course). ...
1
vote
0
answers
249
views
Idea behind internal SHA-2 functions
In the SHA-2 family, specifically SHA-256, there are functions called Sigma0 and Sigma1, which look like this:
...
0
votes
1
answer
193
views
An unusual use-case for HMAC as compression function in web browsers
It's an unfortunate fact that, right now (2019), browsers don't expose standardized streaming hashing interfaces in SubtleCrypto. The only way to hash a file, is to ...
3
votes
0
answers
104
views
A "concatenation-like" cryptographic operation that has a fixed output?
I am designing a cryptographic protocol, and I was wondering whether or not there exists a simple cryptographic operation $\diamond$ that is:
Associative: $(x\diamond y)\diamond z = x \diamond(y\...