1996-07-18 - Making encoding out of an authentication cipher

Header Data

From: EVERHART@Arisia.GCE.Com
To: cypherpunks@toad.com
Message Hash: 1343631798f5b0d7cd979befa34c06dff6908075d709b98877530c8aa76b6320
Message ID: <960717193622.5e@Arisia.GCE.Com>
Reply To: N/A
UTC Datetime: 1996-07-18 02:33:46 UTC
Raw Date: Thu, 18 Jul 1996 10:33:46 +0800

Raw message

From: EVERHART@Arisia.GCE.Com
Date: Thu, 18 Jul 1996 10:33:46 +0800
To: cypherpunks@toad.com
Subject: Making encoding out of an authentication cipher
Message-ID: <960717193622.5e@Arisia.GCE.Com>
MIME-Version: 1.0
Content-Type: text/plain


Had an interesting thought, maybe worth passing on for commentary.

(...since "authentication" ciphers are considered "harmless" by
those interested in spying on your info...)


Suppose you have a secure hash function H(msg) that delivers a random
long period set of hash bits for msg, which is computationally infeasible
to invert and such that the value of H(msg) depends very sensitively on
all bits of msg. These things are used for authentication and tend to be
all over the world.

Now suppose I have a key and apply the following transform, where "+"
will mean binary exclusive OR.

Cipher:
H(key) + M(1)	   = C(1)
H(key+M(1)) + M(2) = C(2)
H(key+M(2)) + M(3) = C(3)

and so on where M(n) is the message and C is the enciphered message.

Decipher:

H(key)      + C(1)  = M(1)
H(key+M(1)) + C(2)  = M(2)
H(key+M(2)) + C(3)  = M(3)

and so on.

If the hash function is cryptographically strong, is this or is this not
a strong cipher? Are there fast hash functions around?

Note that in doing disk encryption, one has also the disk block number
available, and even the offset in block, to be stuffed into the hash function
if one wants. In a serial message one has offset in message also. The only
piece of nontrivial software needed to implement it is the hash function
itself, which has been claimed to be useful only for authentication. If this
scheme is at all strong, the distinction is shown to be fairly useless.

I thought of this a couple days ago...thought I might ask if anyone knows
any of the answers. I do not, and am not knowledgeable in this area, save
VERY casually.







Thread