0

Plaintext(binary) : 10101100 //very short for easy understanding

Suppose we have 4 predefined schemes/functions,

  1. rotate (101 -> 011)
  2. flip (1101 -> 1011)
  3. exchange (11011 -> 10111)
  4. stretch (1100 -> 11001100)

We create a function that checks for '0' or '1' in each position of plaintext(binary)

function in simple terms, (suppose plaintext in binary 10101100)

  1. Bit at position 1 is 1, so perform rotate() on plaintext.
  2. Bit at position 2 is 0, don't perform flip() operation.
  3. Bit at position 3 is 1, so perform exchange() on output of step 1.
  4. Bit at position 4 is 0, don't perform stretch operation.
  5. Bit at position 5 is 1, so perform rotate() on output of step 3.
  6. Bit at position 6 is 1, so perform flip() on output of step 5.
  7. Bit at position 7 is 0, don't perform exchange().
  8. Bit at position 8 is 0, don't perform stretch().

In this the output would be dependent on the input, hence it may serve as a hash to the plaintext. These functions are just for example, more complex functions may be used. I've used just 4 functions however more functions can be used.

I don't know if this is already the logic in existing hashing schemes but had this thought in mind. Will this work as a proper hashing scheme? (I suppose no)

2 Answers2

1

I don't recommend inventing your own hashing algorithm unless if you are knowledgeable and careful. The available hashing functions are good SHA 3 was chosen based on an open competition, you may just use it.

I don't see a point of coming up with a new hash function.

Nayef
  • 215
  • 1
  • 7
0

I don't think it were a good hash, although I think it is reparable.

1.

The first thing which we can find on the spot, as @BobBrown said: hash functions create a fixed-length result from a variable-length input. Your function does exactly the opposite.

A possible fix: you segment the output and simply XOR the segments together.

2.

Both of rotate and flip are special cases of permutation, maybe you had to go in this direction?

3.

Simply execute these functions isn't enough! The power of the hash (and similar crypto) functions happen only if you execute the permutation / substitution loops many (at least 16-32) times! And so isn't always impossible that somebody maybe find a crack. You had especially watch the possibility of the birthday attack, although after 10 years of postdoc crypto research you will have probably much better ideas to crack a such algorithm, too.

4.

Your hash based on turning on/off different transformations. Thus, some of your hashes won't even execute a single (or at most 2) of your trafos. In these cases, your hash will be very easily crackable (probably even by pure eye).

A possible fix: change your algorithm, instead of turning on/off the trafos, turn them always in, but mix their parameters.

5.

In your case I forgot the scretch, executed your algorihtm many times, and used a xor-based (or much complexer) overlapping, to provide the fixed output size.

6.

If your hash is ready, use a lot of analysis! Check for:

  • distributions of randomly created hashes are enough "equal" (randomly)
  • changing a single bit in the input should change mean half the bits in the output, and the changed bits should distribute also randomly.

These are trivial things, on crypto SE you could get much better tips too.

peterh
  • 390
  • 5
  • 18