mirror of
https://github.com/calofmijuck/blog.git
synced 2025-12-06 14:53:50 +00:00
fix: broken image links have been fixed
@@ -106,7 +106,7 @@ Now we want to construct collision resistant hash functions that work for arbitr
|
||||
|
||||
The Merkle-Damgård transform gives as a way to extend our input domain of the hash function by iterating the function.
|
||||
|
||||

|
||||

|
||||
|
||||
> **Definition.** Let $h : \left\lbrace 0, 1 \right\rbrace^n \times \left\lbrace 0, 1 \right\rbrace^l \rightarrow \left\lbrace 0, 1 \right\rbrace^n$ be a hash function. The **Merkle-Damgård function derived from $h$** is a function $H$ that works as follows.
|
||||
>
|
||||
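Review bot: the sentence directly above the changed line has a typo, "gives as a way to extend our input domain" should read "gives us a way to extend our input domain". Since this commit already edits the adjacent line, the one-word fix can go in with it rather than in a separate change.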
@@ -151,7 +151,7 @@ Now we only have to build a collision resistant compression function. We can bui
|
||||
|
||||
Number theoretic primitives will be shown after we learn some number theory.[^3] An example is shown in [collision resistance using DL problem (Modern Cryptography)](../2023-10-03-key-exchange#collision-resistance-based-on-dl-problem).
|
||||
|
||||

|
||||

|
||||
|
||||
> **Definition.** Let $\mathcal{E} = (E, D)$ be a block cipher over $(\mathcal{K}, X, X)$ where $X = \left\lbrace 0, 1 \right\rbrace^n$. The **Davies-Meyer compression function derived from $E$** maps inputs in $X \times \mathcal{K}$ to outputs in $X$, defined as follows.
|
||||
>
|
||||
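Review bot: the cross-post link in the context line above the change, `../2023-10-03-key-exchange#collision-resistance-based-on-dl-problem`, is a relative path, and this commit exists because relative image paths were broken. Please confirm this link still resolves from the post's rendered URL, and if it does not, correct it in this commit using the same path form as the repaired image link.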
@@ -216,7 +216,7 @@ This can be thought of as blocking the length extension attack from prepending t
|
||||
|
||||
### HMAC
|
||||
|
||||

|
||||

|
||||
|
||||
This is a variant of the two-key nest, but the difference is that the keys $k_1', k_2'$ are not independent. Choose a key $k \leftarrow \mathcal{K}$, and set
|
||||
|
||||
|
||||