|
|
|
|
|
|
by afiori
631 days ago
|
|
|
The properties I am thinking of are strong and weak collision resistance, there are other relevant properties to hash functions (like every bit being about independent of every other bit, but I care less about those). > If your construction is H0(m0) + H1(m1) Here if H0 has a weak collision attack and H1 has a strong collision attack and + is xor or addition the i see how H0(m0) + H1(m1) can be vulnerable. > H0(H1(m)) has the security of just H0 I believe it has the security of just H1, but my construction was very different; it was H0(H1(m) || H2(m)). (I used + as concatenation, I forgot that it is usually written as ||) Here you would need strong collision attacks on all three hash functions (including an attack on H0 that is limited to very short messages of a fixed size. |
|
|