Travis H. writes:
> Excellent point. When I wrote that I had strongly
universal hashes in
> mind, like UMAC, where the hash is chosen from a family
of functions
> based on some secret data shared by sender and
recipient. I
> mistakenly conflated them with ordinary hashes (which
they are, once
> you pick one). Thanks for catching that.
A point of terminology, strong universal hash functions are
different
than what you are probably thinking of.
UMAC is a MAC, not a SU hash function. It uses an almost-SU
hash function
in its construction, but that's different.
Universal hashes and their variants (see
http://www.cacr.math.uwaterloo.ca/~d
stinson/universalhashingdefinitions.html
for a bibliography) are actually *weaker* than conventional
hashes.
They can, in fact, be completely linear. While you are
right that the
hash is typically part of a parameterized family, once you
pick one you
do not get an ordinary hash. You are more likely to get an
ordinary
polynomial that will not serve at all well as a crypto hash.
Hal Finney
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomo metzdowd.com
|