
New MD6 hash function

MD6 is a variable-length hash algorithm developed by Prof. Ronald Rivest of the Massachusetts Institute of Technology in September 2008. It is designed to produce fingerprints (message digests) of arbitrary length and is proposed as a replacement for the weaker MD5. According to the authors, the algorithm is resistant to differential cryptanalysis. MD6 is not sufficiently resistant to collisions of the first kind. It is used to authenticate published messages by comparing the digest of a message with a published one; this operation is called a "hash check" (hashcheck).

Ronald Rivest

The predecessor, MD5, was created in 1991, when the clock frequency of ordinary processors was no more than 33 MHz. It had to map a binary string of arbitrary length to a string of size d, be resistant to collisions and to preimage finding, and be pseudo-random.
After it was broken, the US National Institute of Standards and Technology (NIST) announced a competition to create the SHA-3 hash function.
The new MD6 function is intended to be provably resistant to differential cryptanalysis (the technique with which MD5 was broken).
The developers used original ideas in the design of the hash function. For example, the size of the data block processed at a time is 512 bytes (not bits), which makes many attacks harder to carry out and gives a gain in parallelization.

Instead of the traditional Merkle–Damgård construction, the design compresses the input using a tree structure. Each node of the tree is a 4-to-1 compression function (similar to Merkle trees built from small compression functions). On small processors, a sequential structure can be used instead of the hierarchical tree.
MD6 also supports 512-bit hashing. Various design features (numbering of tree nodes, the root flag and z-bits fed into the sub-functions) protect the function from insertion and extension attacks. The nonlinearity of the function is achieved with only three of the simplest operations: XOR, addition and shift by constants.
The number of rounds is unusually large: r = 40 + (d / 4). So a 256-bit output requires 104 rounds, and a 512-bit one 168 rounds! At the same time, MD6-512 is one and a half times slower than SHA2-512 on 32-bit platforms and almost four times by 6
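To make the tree mode, the sequential fallback, the role of the node numbering and z-bit, and the round formula concrete, here is a toy model written for this article. It is not MD6's reference code: the real compression function is replaced by SHA-256 over a position header plus the node data, the header layout and all sizes (32-byte chain values, a 4-child fan-in, a mode constant standing in for MD6's L parameter) are constructed assumptions, and the output is therefore limited to 256 bits.

```python
import hashlib
import struct

# Toy model of MD6-style tree and sequential hashing (added example, not MD6 itself).
BLOCK_BYTES = 512   # bytes of message consumed by one leaf, as the post describes
CHAIN_BYTES = 32    # bytes of one node's output (toy: a SHA-256 digest)
FANIN = 4           # an inner node compresses 4 child values into 1
TREE_MODE = 64      # stand-in for MD6's mode parameter L: hierarchical tree
SEQ_MODE = 0        # L = 0: purely sequential chaining for small processors


def rounds(d):
    """Round count given in the post: r = 40 + d/4 for a d-bit digest."""
    return 40 + d // 4


def compress(mode, level, index, z, pad, data):
    """Stand-in for the 4-to-1 compression function.

    The header binds the mode, the node's tree position (level, index), the
    final-node flag z and the amount of zero padding to the output, so a node
    value cannot be transplanted to another position and the root value cannot
    be extended. The header layout is a constructed assumption, not MD6's
    real control word.
    """
    header = struct.pack(">BBQBH", mode, level, index, z, pad)
    return hashlib.sha256(header + data).digest()


def _chunks(data, size):
    parts = [data[i:i + size] for i in range(0, len(data), size)]
    return parts or [b""]          # an empty message still yields one node


def tree_hash(msg):
    """Hierarchical mode: leaves absorb message blocks, inner nodes absorb 4 children."""
    leaves = _chunks(msg, BLOCK_BYTES)
    single = len(leaves) == 1          # a lone leaf is already the root
    nodes = []
    for i, chunk in enumerate(leaves):  # leaves are independent: parallelisable
        pad = BLOCK_BYTES - len(chunk)
        nodes.append(compress(TREE_MODE, 0, i, int(single), pad, chunk + b"\x00" * pad))
    level = 0
    while len(nodes) > 1:
        level += 1
        groups = _chunks(b"".join(nodes), FANIN * CHAIN_BYTES)
        root_level = len(groups) == 1   # z = 1 only for the node that produces the output
        nodes = []
        for i, group in enumerate(groups):
            pad = FANIN * CHAIN_BYTES - len(group)   # missing children are zero-filled
            nodes.append(compress(TREE_MODE, level, i, int(root_level), pad, group + b"\x00" * pad))
    return nodes[0]


def sequential_hash(msg):
    """Sequential mode (L = 0): each call absorbs the previous chain value plus
    one shorter message block, so only one compression runs at a time."""
    step = BLOCK_BYTES - CHAIN_BYTES
    blocks = _chunks(msg, step)
    chain = b"\x00" * CHAIN_BYTES
    for i, chunk in enumerate(blocks):
        pad = step - len(chunk)
        z = int(i == len(blocks) - 1)   # last block is the final node
        chain = compress(SEQ_MODE, 0, i, z, pad, chain + chunk + b"\x00" * pad)
    return chain


def md6_like_digest(msg, d=256, sequential=False):
    """Truncate the root value to d bits, mirroring MD6's variable-length output (d <= 256 here)."""
    root = sequential_hash(msg) if sequential else tree_hash(msg)
    return root[: d // 8]


if __name__ == "__main__":
    m = bytes(range(256)) * 12   # constructed 3072-byte message: 6 leaves, 2 inner levels
    print("rounds for d=256:", rounds(256))
    print("tree root:      ", tree_hash(m).hex())
    print("sequential root:", sequential_hash(m).hex())
    print("prefix differs: ", tree_hash(m) != tree_hash(m[:-1]))
```

Because the padding count and the z-bit are part of every node's input, a message and its zero-padded form hash differently, and the value of a non-root node is never equal to a root value, which is the property that defeats extension attacks in the post's description.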

MD6 on Wikipedia
Presentation shown on Crypto 2008

Source: https://habr.com/ru/post/45849/
