3

I need a cryptographic hash function that will hopefully be strong even in 50 years. Performance is not an issue. Calculating and verifying can take a huge amount of time if needed. The size of the hash can be huge too (let's say up to 10MB). Collisions are not a big threat. I mainly want it to be second-preimage-resistant.

Of course I have no problem using one or more existing hashes.

My first thought was:

$h'(x) := h(a_1 \parallel x) \parallel h(a_2 \parallel x) \parallel h(a_3 \parallel x) \parallel \dots$

where $a_n$ are known prefixes. But I don't know how good it is. If $h$ is md4, how hard is it to find a second preimage to $h'$?

Other ideas?

Patriot
ashidc

2 Answers

3

As mentioned in the comments, an existing 512 bit hash is quite likely to be sufficient.

However, if you are truly paranoid (and want to protect yourself against potential cryptographical breakthroughs), the obvious thing to do is rely on several cryptographically distinct hash functions concatenated together. For example:

$$H(x) = \text{SHA2-512}(x) \parallel \text{SHA3-512}(x) \parallel \text{Whirlpool}(x)$$

By concatenating them together, we ensure that any second-preimage attack would have to be a second-preimage attack on all three; all three are (to the best of our knowledge) individually secure (actually, overkill). And, the internals of the three are sufficiently different that it appears quite unlikely that a cryptographical attack on one would apply to the other two.

poncho
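To make the two constructions on this page concrete, here is an added example (not code from the question or from this answer) that builds both the question's $h'(x) = h(a_1 \parallel x) \parallel h(a_2 \parallel x) \parallel \dots$ from a single underlying function, and the answer's concatenation of distinct functions, and then verifies a digest in constant time. The function names are hypothetical. Whirlpool is not guaranteed to be available in Python's `hashlib`, so BLAKE2b-512 stands in for it as the third component; that substitution is an assumption of this example, not part of the answer.

```python
import hashlib
import hmac
from typing import Callable, Sequence

# Added illustration; helper names are hypothetical.
# Three components whose internal designs differ (Merkle-Damgard, sponge, HAIFA-style):
# BLAKE2b stands in for Whirlpool because Whirlpool is not guaranteed in hashlib.
COMPONENTS = ("sha512", "sha3_512", "blake2b")  # each yields a 64-byte digest
DIGEST_SIZE = 64


def single_digest(name: str, x: bytes) -> bytes:
    """Digest of x under one named hashlib algorithm."""
    return hashlib.new(name, x).digest()


def prefixed_concat_hash(h: Callable[[bytes], "hashlib._Hash"], x: bytes,
                         prefixes: Sequence[bytes]) -> bytes:
    """The question's construction: h(a_1 || x) || h(a_2 || x) || ...
    Every component reuses the same h, so no diversity of design is gained;
    the output is just longer."""
    return b"".join(h(a + x).digest() for a in prefixes)


def concatenated_distinct_hash(x: bytes) -> bytes:
    """The answer's construction: concatenate digests of cryptographically
    distinct functions, so a second preimage must hold for all of them."""
    return b"".join(single_digest(name, x) for name in COMPONENTS)


def split_components(digest: bytes, size: int = DIGEST_SIZE) -> list[bytes]:
    """Cut a concatenated digest back into its fixed-size components."""
    return [digest[i:i + size] for i in range(0, len(digest), size)]


def verify(x: bytes, expected: bytes) -> bool:
    """Recompute H(x) and compare in constant time; a match requires
    every component digest to match."""
    return hmac.compare_digest(concatenated_distinct_hash(x), expected)


def components_all_match(x: bytes, expected: bytes) -> list[bool]:
    """Per-component view of a verification, useful when diagnosing which
    underlying function disagrees (all must be True for verify() to pass)."""
    got = split_components(concatenated_distinct_hash(x))
    want = split_components(expected)
    return [hmac.compare_digest(g, w) for g, w in zip(got, want)]


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input for the demo
    h_distinct = concatenated_distinct_hash(msg)
    h_prefixed = prefixed_concat_hash(hashlib.sha512, msg, [b"\x00", b"\x01", b"\x02"])
    print("distinct-function digest:", len(h_distinct), "bytes")
    print("prefixed single-function digest:", len(h_prefixed), "bytes")
    print("verify(original):", verify(msg, h_distinct))
    print("verify(tampered):", verify(msg + b"!", h_distinct))
    print("per-component:", components_all_match(msg + b"!", h_distinct))
```

Each component digest is 64 bytes, so both constructions above produce 192-byte outputs; the difference is that only the second draws on three independent designs, which is the property the answer relies on.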
-1

Err, 50 years?

You can't. You're predicting the future. These are also predictions of the future. I truly believe that the flame throwing snow ploughs are right around the corner.

Total future proof security does exist as a concept. One time pads and secret sharing are informationally secure, which means for all time. That's why we still use one time pads for diplomatic messages. Consider this polynomial hash then. But given the earlier link, how do we convince anyone that a security metric of $2^{-32}$ or even $2^{512}$ can't be overcome. I didn't say brute forced, I said overcome. Re-linearisation, the Algomorov technique, parallel quantum computing, mathematical advances and flame throwers demonstrate that we can't see more than a few years into the future. Cough, cough, I feel really hot...

Remember:

"I think there is a world market for about five computers."

-- Thomas J Watson, President IBM.

Paul Uszak