Method of building fast MACS from hash functions
First Claim
1. In an iterated hash function operation in data encryption and authentication, a method of performing a compression function Hi =f(Hi-1, Xi) to an input data block Xi having a plurality of data segments Xi [j], each data segment being of a predetermined bitlength of p, p being a positive integer and Hi being an updated chaining variable of Hi-1, the invention being characterized in that the compression function comprises multiple iterated internal steps, and each internal step comprises:
- (i) a preparing step of introducing working variables to a data segment;
(ii) a keying step of introducing a subkey K1 or a portion thereof to a predetermined constant y to generate a key dependent constant; and
(iii) a processing step of treating the prepared data segment with the key dependent constant.
11 Assignments
0 Petitions
Accused Products
Abstract
Hash functions are important in modern cryptography. Main applications are their use in conjunction with digital signature schemes and message authentication. Hash functions, commonly known as message authentication codes (MACs), have received widespread use in practice for data integrity and data origin authentication. New and inventive ways of building fast MACs from hash functions involve keyed hash functions in which secret keys are used at certain locations of the compression process and the keys are also hashed.
-
Citations
25 Claims
-
1. In an iterated hash function operation in data encryption and authentication, a method of performing a compression function Hi =f(Hi-1, Xi) to an input data block Xi having a plurality of data segments Xi [j], each data segment being of a predetermined bitlength of p, p being a positive integer and Hi being an updated chaining variable of Hi-1, the invention being characterized in that the compression function comprises multiple iterated internal steps, and each internal step comprises:
-
(i) a preparing step of introducing working variables to a data segment; (ii) a keying step of introducing a subkey K1 or a portion thereof to a predetermined constant y to generate a key dependent constant; and (iii) a processing step of treating the prepared data segment with the key dependent constant. - View Dependent Claims (2, 3)
-
-
4. In a method of generating a message authentication code for a message X which comprises steps of dividing X into Xi data blocks, i=1 to t and t being an integer, each data block being a predetermined number of bits long and data block Xt having padding bits if needed, the invention being characterized in further steps of:
-
(a) generating a data block Xt+1 of the predetermined number of bits long under a subkey K2 ; (b) appending data block Xt+1 to data block Xt ; (c) performing iteratively a compression function Hi =f(Hi-1, Xi) to data blocks Xi for i=1 to t+1 to generate an n-bit chaining variable Hi, each data block having p-bit data segments Xi [j], p being a positive integer and Hi being an updated chaining variable of Hi-1, the compression function comprising multiple iterated internal steps in that each internal step comprises; (i) a preparing step of introducing working variables to a data segment, (ii) a keying step of introducing a subkey K1 or a portion thereof to a predetermined constant y to generate a key dependent constant, and (iii) a processing step for treating the prepared data segment with the key dependent constant; and (d) transforming the final chaining variable Ht+1 to an m-bit final output g(Ht+1), which is the message authentication code for message X, where m and n are positive integers and m≦
n. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
Specification