uses 2 expanded words per round, so it requires twice as many expanded message
words ($W$) as the number of rounds for each digest size. In order
to maximize differences between similar messages, two 32-bit pseudo-CRC words are
included that act as mini-hashes, making collision attacks more difficult. In this
way, the expanded message is formed by:
$\mathrm{PCRC}_1 \,|\, \mathrm{PCRC}_2 \,|\, W_0 \,|\, W_1 \,|\, \ldots \,|\, W_n \,|\, M_0 \,|\, M_1 \,|\, \ldots \,|\, M_{127}$
3.2 Pseudo-CRCs
The first 32-bit pseudo-CRC is computed with a weighted sum code for
error detection, using the WSC-1 algorithm described in [5]. This is similar
to a normal CRC but faster, acting as a small hash of the message.
$\mathrm{PCRC}_1 = \text{WSC-1}(M_0 \ldots M_{127})$
The second pseudo-CRC is derived from the message expansion scheme and is
calculated together with the message expansion:
$A = \mathrm{PCRC}_1$;
For each required expansion word $W_i$ with $i = n$ to $0$ do:
$W_i = \mathrm{ROTL}((W_{i+5} \oplus W_{i+9} \oplus W_{i+17} \oplus W_{i+128}), 1) \oplus K_{\mathrm{SBOX}(A \oplus (A >> 8) \oplus (A >> 16) \oplus (A >> 24))}$
$A = A \oplus W_i$
The expansion words $W_i$ are generated backwards, last to first; and in the end,
$\mathrm{PCRC}_2$ is the last $A$. The ⊕ symbol denotes binary XOR, the >> symbol
denotes bit shift to the right and ROTL means left bit rotation. The $K_{\mathrm{SBOX}()}$
expression implies that the constant $K$ is chosen as the output of the SBOX.
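The backward expansion above, as an added Python example that is not code from the paper. It also measures avalanche over the PCRC and W words after a single message bit flip. Assumptions: `zlib.crc32` stands in for WSC-1 and `SBOX` is a constructed byte permutation (neither table is on this page), K is taken to be the S-box output for the low byte of the folded A, indices past $W_n$ run into $M_0 \ldots M_{127}$, and the round count of 80 is a constructed value.

```python
import struct
import zlib

MASK = 0xFFFFFFFF
# Constructed stand-in S-box (a byte permutation); the real table is not on this page.
SBOX = [(167 * x + 13) % 256 for x in range(256)]

def rotl(x, r):
    """32-bit left rotation."""
    return ((x << r) | (x >> (32 - r))) & MASK

def pcrc1_standin(m_words):
    # Assumption: CRC-32 stands in for WSC-1, which this page does not define.
    return zlib.crc32(struct.pack(">128I", *m_words)) & MASK

def expand(m_words, rounds):
    """Return [PCRC1, PCRC2, W_0..W_n, M_0..M_127] with 2*rounds expansion words."""
    assert len(m_words) == 128
    n_w = 2 * rounds
    # Work buffer laid out as W_0..W_n | M_0..M_127, so W_{i+128} for i = n is M_127.
    buf = [0] * n_w + list(m_words)
    pcrc1 = pcrc1_standin(m_words)
    a = pcrc1
    for i in range(n_w - 1, -1, -1):           # generated backwards, last to first
        fold = (a ^ (a >> 8) ^ (a >> 16) ^ (a >> 24)) & 0xFF
        k = SBOX[fold]                          # assumption: K is the S-box output byte
        lin = buf[i + 5] ^ buf[i + 9] ^ buf[i + 17] ^ buf[i + 128]
        buf[i] = rotl(lin, 1) ^ k
        a ^= buf[i]
    return [pcrc1, a] + buf                     # PCRC2 is the last A

def avalanche(m_words, rounds, word, bit):
    """Fraction of bits that flip in PCRC1|PCRC2|W after flipping one message bit."""
    flipped = list(m_words)
    flipped[word] ^= 1 << bit
    n = 2 + 2 * rounds                          # embedded M words are not counted
    x, y = expand(m_words, rounds)[:n], expand(flipped, rounds)[:n]
    return sum(bin(p ^ q).count("1") for p, q in zip(x, y)) / (32 * n)

if __name__ == "__main__":
    msg = [(0x9E3779B9 * (j + 1)) & MASK for j in range(128)]  # constructed message
    print(f"avalanche: {avalanche(msg, 80, 0, 16):.3f}")
```

Because A is updated as $A = A \oplus W_i$ at every step, $\mathrm{PCRC}_2$ equals $\mathrm{PCRC}_1$ XORed with every expansion word, which gives a quick consistency check for any implementation of the loop.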
3.3 Results
This expansion scheme achieves good avalanche results, as shown
in Table 1, and prevents known collision attacks against the original version of
Tangle.
In Table 1, expanded size is the total size of the expanded message in 32-bit words,
with the number of actual expanded W words in parentheses; expanded ratio is
the percentage of expanded words in relation to the message size; and avalanche
means the number of bits changing in the expanded message for a single bit
change in the message. The expected avalanche value is 50%, and the actual
message words embedded in the expanded message are not taken into account
when computing avalanche.
Regarding performance, the proposed message expansion does not add a significant
overhead to the original version, obtaining equally good results, as shown
in Table 2.