Question regarding Cryptographic Hash ...

TheMSsForum.com: The Microsoft Software Forum

Sorry for posting this purely theoritical question in this forum. Members
may say that this question better suited to be posted in any other
newsgroups. Since, I am not clear where exactly to post this question, and
this forum also deals with security, I have posted it here. With a thought,
that many members must be knowing in details of Hashing algorithm they use,
here goes the question:

I was asked a question in B-Level exams for Network security. Long after 6
months, the question still remain unanswered to me. I am very interested for
getting answer for this question. Can you please elaborate on this ?

-------------------
Consider the random cipher model with random variables M, C and K for plain
text, cipher text and key, respectively. Give an interpretation in
cryptographic terms of this equation:
H(M,C) = H(M) + H(C)

Also specify an example of a cryptosystem, which has this property.
-------------------

As far as I know, this is computing Hash of M and C separately and
cancatinating them. Also, it claims that when a Hash is computed with M and
C (combined), it is same as the cancatination. Is it possible given the
rules of strong hash functions?

Anyway, the above was my Interpretation, please let me know the Experts
comments on this.

Thanks,

*(Vipul)() ;
Top

Re: Question regarding Cryptographic Hash ... by Valery

Valery
Tue Jul 11 04:26:57 CDT 2006

Hi,

H(m,c) = H(m)+H(c) is apparently notation for homomorphic encryption,
where + is placeholder for group operation (Google for homomorphic
encryption and you'll find tons of resources).

both raw RSA and raw ElGammal has homomorphic properties - eg. with raw
RSA (no padding)

e(m*c) = e(m)*e(c)

Example of another homomorphic cryptosystem is Pailier cryptosystem
that is often used for electronic voting, because it is homomorphic to
addition
(i.e.)

e(m+c) = e(m)+e(c)

cryptographic hash is a combination of compression function with
padding. If we only speak of compression function than it is also kind
of "homomorphic" to the message expansion, i.e. if you take compression
function and feed it with concatenation of two blocks, it is the same
as sequential application of compression function to the first and the
second blocks.
But as I wrote it already - cryptographic hash is a combination of
compression function with padding, and when compression function is
used together with f.e. Merkle-Damgaard construction/padding, we are
guaranteed against this (otherwise hash would be totally broken for
cryptographic purposes)

-Valery.
http://www.harper.no/valery

P.S. regarding "e(m*c) = e(m)*e(c)" - we all know that e=m*c^2 ;-)

Vipul Pathak wrote:
> Sorry for posting this purely theoritical question in this forum. Members
> may say that this question better suited to be posted in any other
> newsgroups. Since, I am not clear where exactly to post this question, and
> this forum also deals with security, I have posted it here. With a thought,
> that many members must be knowing in details of Hashing algorithm they use,
> here goes the question:
>
> I was asked a question in B-Level exams for Network security. Long after 6
> months, the question still remain unanswered to me. I am very interested for
> getting answer for this question. Can you please elaborate on this ?
>
> -------------------
> Consider the random cipher model with random variables M, C and K for plain
> text, cipher text and key, respectively. Give an interpretation in
> cryptographic terms of this equation:
> H(M,C) = H(M) + H(C)
>
> Also specify an example of a cryptosystem, which has this property.
> -------------------
>
> As far as I know, this is computing Hash of M and C separately and
> cancatinating them. Also, it claims that when a Hash is computed with M and
> C (combined), it is same as the cancatination. Is it possible given the
> rules of strong hash functions?
>
> Anyway, the above was my Interpretation, please let me know the Experts
> comments on this.
>
> Thanks,
>
> *(Vipul)() ;

Top

Re: Question regarding Cryptographic Hash ... by Vipul

Vipul
Tue Jul 11 10:05:27 CDT 2006

Thanks a lot Valery ... :-)

Is there any example CyrptoSystem which use this property .... I guess no
...

Regards,

*(Vipul)() ;


"Valery Pryamikov" <valery@harper.no> wrote in message
news:1152610017.398636.292590@m79g2000cwm.googlegroups.com...
> Hi,
>
> H(m,c) = H(m)+H(c) is apparently notation for homomorphic encryption,
> where + is placeholder for group operation (Google for homomorphic
> encryption and you'll find tons of resources).
>
> both raw RSA and raw ElGammal has homomorphic properties - eg. with raw
> RSA (no padding)
>
> e(m*c) = e(m)*e(c)
>
> Example of another homomorphic cryptosystem is Pailier cryptosystem
> that is often used for electronic voting, because it is homomorphic to
> addition
> (i.e.)
>
> e(m+c) = e(m)+e(c)
>
> cryptographic hash is a combination of compression function with
> padding. If we only speak of compression function than it is also kind
> of "homomorphic" to the message expansion, i.e. if you take compression
> function and feed it with concatenation of two blocks, it is the same
> as sequential application of compression function to the first and the
> second blocks.
> But as I wrote it already - cryptographic hash is a combination of
> compression function with padding, and when compression function is
> used together with f.e. Merkle-Damgaard construction/padding, we are
> guaranteed against this (otherwise hash would be totally broken for
> cryptographic purposes)
>
> -Valery.
> http://www.harper.no/valery
>
> P.S. regarding "e(m*c) = e(m)*e(c)" - we all know that e=m*c^2 ;-)
>
> Vipul Pathak wrote:
> > Sorry for posting this purely theoritical question in this forum.
Members
> > may say that this question better suited to be posted in any other
> > newsgroups. Since, I am not clear where exactly to post this question,
and
> > this forum also deals with security, I have posted it here. With a
thought,
> > that many members must be knowing in details of Hashing algorithm they
use,
> > here goes the question:
> >
> > I was asked a question in B-Level exams for Network security. Long after
6
> > months, the question still remain unanswered to me. I am very interested
for
> > getting answer for this question. Can you please elaborate on this ?
> >
> > -------------------
> > Consider the random cipher model with random variables M, C and K for
plain
> > text, cipher text and key, respectively. Give an interpretation in
> > cryptographic terms of this equation:
> > H(M,C) = H(M) + H(C)
> >
> > Also specify an example of a cryptosystem, which has this property.
> > -------------------
> >
> > As far as I know, this is computing Hash of M and C separately and
> > cancatinating them. Also, it claims that when a Hash is computed with M
and
> > C (combined), it is same as the cancatination. Is it possible given the
> > rules of strong hash functions?
> >
> > Anyway, the above was my Interpretation, please let me know the Experts
> > comments on this.
> >
> > Thanks,
> >
> > *(Vipul)() ;
>


Top

Re: Question regarding Cryptographic Hash ... by Vipul

Vipul
Tue Jul 11 10:09:52 CDT 2006

Ooop ...

You already said RSA and ElGammel use it in Raw form ... and in production
form there is no meaning to use it, since the hash would break without
padding ...

Thanks for your Anwaser. This Answers the months old query.

*(Vipul)() ;


"Valery Pryamikov" <valery@harper.no> wrote in message
news:1152610017.398636.292590@m79g2000cwm.googlegroups.com...
> Hi,
>
> H(m,c) = H(m)+H(c) is apparently notation for homomorphic encryption,
> where + is placeholder for group operation (Google for homomorphic
> encryption and you'll find tons of resources).
>
> both raw RSA and raw ElGammal has homomorphic properties - eg. with raw
> RSA (no padding)
>
> e(m*c) = e(m)*e(c)
>
> Example of another homomorphic cryptosystem is Pailier cryptosystem
> that is often used for electronic voting, because it is homomorphic to
> addition
> (i.e.)
>
> e(m+c) = e(m)+e(c)
>
> cryptographic hash is a combination of compression function with
> padding. If we only speak of compression function than it is also kind
> of "homomorphic" to the message expansion, i.e. if you take compression
> function and feed it with concatenation of two blocks, it is the same
> as sequential application of compression function to the first and the
> second blocks.
> But as I wrote it already - cryptographic hash is a combination of
> compression function with padding, and when compression function is
> used together with f.e. Merkle-Damgaard construction/padding, we are
> guaranteed against this (otherwise hash would be totally broken for
> cryptographic purposes)
>
> -Valery.
> http://www.harper.no/valery
>
> P.S. regarding "e(m*c) = e(m)*e(c)" - we all know that e=m*c^2 ;-)
>
> Vipul Pathak wrote:
> > Sorry for posting this purely theoritical question in this forum.
Members
> > may say that this question better suited to be posted in any other
> > newsgroups. Since, I am not clear where exactly to post this question,
and
> > this forum also deals with security, I have posted it here. With a
thought,
> > that many members must be knowing in details of Hashing algorithm they
use,
> > here goes the question:
> >
> > I was asked a question in B-Level exams for Network security. Long after
6
> > months, the question still remain unanswered to me. I am very interested
for
> > getting answer for this question. Can you please elaborate on this ?
> >
> > -------------------
> > Consider the random cipher model with random variables M, C and K for
plain
> > text, cipher text and key, respectively. Give an interpretation in
> > cryptographic terms of this equation:
> > H(M,C) = H(M) + H(C)
> >
> > Also specify an example of a cryptosystem, which has this property.
> > -------------------
> >
> > As far as I know, this is computing Hash of M and C separately and
> > cancatinating them. Also, it claims that when a Hash is computed with M
and
> > C (combined), it is same as the cancatination. Is it possible given the
> > rules of strong hash functions?
> >
> > Anyway, the above was my Interpretation, please let me know the Experts
> > comments on this.
> >
> > Thanks,
> >
> > *(Vipul)() ;
>


Top