Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [compression-function]

A compression function takes two fixed-size inputs: a chaining value and a message and returns a fixed-size value.

In cryptography, a one-way compression function is a function that transforms two fixed-length inputs into a fixed-length output. The transformation is "one-way", meaning that it is difficult given a particular output to compute inputs which compress to that output.

One-way compression functions are not related to conventional data compression algorithms, which instead can be inverted exactly (lossless compression) or approximately (lossy compression) to the original data.

32 questions
14
votes
2 answers

Why was Davies–Meyer chosen over Miyaguchi–Preneel most of the time?

The only Miyaguchi–Preneel MD hash I know is Whirlpool. I suppose there are likely others. Why do most MD hashes choose Davies–Meyer? If anything, Davies–Meyer relies on related-key resistance while Miyaguchi–Preneel relies on chosen-plaintext…
MikeDav77741
  • 173
  • 5
11
votes
1 answer

Which compression functions are PRFs?

In a 2006 paper Bellare showed that HMAC remains secure even if collision resistance for MD5/SHA-1 is broken as long they are still PRFs. The Wikipedia article on cryptographic hash functions mentions that In practice, collision resistance is…
Elias
  • 4,933
  • 1
  • 16
  • 32
7
votes
1 answer

SNARK-friendly one-way compression functions

I'm looking for a one-way compression function that is secure and efficient within a zk-SNARK circuit. The motivation behind this comes from these considerations: SHA256-compression is highly inefficient for SNARKs The Pedersen hash function is…
1077
  • 171
  • 2
6
votes
1 answer

Fast irreversible transformation/compression of short messages using a secret

I'm looking for a very fast function $f(m, k) $ that takes a 64-bit integer $m$ and a fixed secret key $k$ of virtually any size (generated by a CSPRNG) and turns them into a 64- or 32-bit integer $ r $, with a few additional requirements: $ r $…
Nee
  • 63
  • 4
5
votes
2 answers

What is the difference between data compression and compression in cryptographic algorithms?

What is the differences between data compression as used in e.g. the ZIP protocol and compression as performed in cryptographic hashes? Are there common properties as well, apart from creating a smaller representation of the data?
Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
4
votes
2 answers

How can a collision be generated in this hash function by inverting the encryption?

This is from Joan Daemen's Doctoral thesis Per page 64 (or PDF page 79) 4.7.1 Our approach Our goal is the design of simple and portable unkeyed and keyed cryptographic hash functions that are hermetic.The basic principle of our approach is derived…
user93353
  • 2,348
  • 3
  • 28
  • 49
4
votes
0 answers

Which compression functions are MACs?

The original HMAC paper based the security proof on the fact that the compression function of the Hash is already a MAC (appropriately keyed). How does this relate to common assumptions for compressions functions? Is it required to show security of…
Elias
  • 4,933
  • 1
  • 16
  • 32
3
votes
0 answers

A "concatenation-like" cryptographic operation that has a fixed output?

I am designing a cryptographic protocol, and I was wondering whether or not there exists a simple cryptographic operation $\diamond$ that is: Associative: $(x\diamond y)\diamond z = x \diamond(y\diamond z)$ Non-commutative: $x\neq y \Rightarrow…
ithisa
  • 1,111
  • 1
  • 10
  • 23
3
votes
1 answer

For a hash over a finite space without size reduction, is a public permutation sufficient?

Suppose the application is a Lamport signature scheme. Is the following a secure hash $\{0,1\}^n \rightarrow \{0,1\}^n$? $$ H(x) = x \oplus P(x) $$ where $P$ is a public permutation that permutes an input of length $n$.
MikeDav77741
  • 173
  • 5
3
votes
1 answer

Is it possible to apply a pseudo-random permutation (a keyed permutation) to construct a sponge function?

The description of the sponge function on Crypto.Stackexchange contains the following text The cryptographic sponge is a construction scheme for hash functions (and other symmetric primitives) based on an unkeyed permutation. But is it possible to…
lyrically wicked
  • 1,379
  • 7
  • 11
3
votes
2 answers

Does there exist an “almost-ideal” compression function to compress an arbitrarily long bitstring into a single pseudo-random (unbiased) byte?

I need a function $F$ that compresses an arbitrary (unbounded from above) number of bytes into a single byte. The goal is creating a single unpredictable byte from an arbitrary bitstring. Here are the requirements: Pseudo-randomness: the…
lyrically wicked
  • 1,379
  • 7
  • 11
2
votes
0 answers

Is the concatenation of one-way compression functions one-way?

Given two independently keyed compression functions $h_1$ and $h_2$: $h_b(x): \{0,1\}^{3n} \to \{0,1\}^{n}$, where $b \in \{1,2\}$. Let $h(x) = h_1(x) \| h_2(x)$. Given at least one of $h_1$ and $h_2$ is a one-way function, is $h$ one-way? Attempt…
ambiso
  • 706
  • 4
  • 13
2
votes
1 answer

Is it possible to make use of a pseudo-random permutation to construct a one-way compression function?

Let $f_k(B)$ denote the underlying function (a pseudo-random permutation) of a block cipher: it uses an $x$-bit key $k$ to encrypt an $y$-bit block $B$. The question: is it possible to make use of $f_k(B)$ to construct a cryptographically secure…
lyrically wicked
  • 1,379
  • 7
  • 11
2
votes
2 answers

Optimal compression ratio in compression function

So we'll have a transform that maps any of $A=2^a$ possible inputs to $B=2^b$ possible outputs. $a$ is generally fixed as the number of bits in the input, and $b$ is determined by the transform used. We'll name the difference $d=a-b$. There's 3 main…
EPICI
  • 359
  • 2
  • 7
2
votes
1 answer

What is the logic behind Compress function in iterated hash function

I am working on cryptographic hash functions theorems. In the iterated hash functions part a specific word started appearing constantly: "Compress" for instance within the "compress function". I am trying to find out what the logic is behind this…
Bala Subrahmanyam
  • 29
  • 2
1
2 3