ISO IEC 10118-2:2010 pdf download – Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher
5 Use of the general model
The hash-functions specified in the next four clauses provide hash-codes H of length L H . The hash-functions conform to the general model specified in ISO/IEC 10118-1. For each of the four hash-functions that follow, it is therefore only necessary to specify
⎯ the parameters L 1 , L 2 , L H ,
⎯ the padding method,
⎯ the initializing value IV,
⎯ the round function φ ,
⎯ the output transformation T.
6 Hash-function 1
6.1 General
The hash-function specified in this clause provides hash-codes of length L 1 and L 2 where L 1 and L 2 are equal to n. Some specific definitions that are required to specify hash-function 1 follow.
NOTE This hash-function is described in [5].
6.2 Parameter selection
The parameters L 1 , L 2 and L H for the hash-function specified in this clause shall satisfy L 1 = L 2 = n, and L H is less than or equal to n.
6.3 Padding method The selection of the padding method for use with this hash-function is beyond the scope of this part of ISO/IEC 10118. As minimum requirements, the padding method shall output a set of q blocks D 1 , D 2 , …, D q where each block D j is of length n and shall be such that each possible input produces distinct outputs. Examples of padding methods are presented in ISO/IEC 10118-1:2000, Annex A.
6.4 Initializing value The selection of the IV for use with this hash-function is beyond the scope of this part of ISO/IEC 10118. The IV shall be a bit-string of length n and the value of the IV shall be agreed upon and fixed by users of the hash-function.
6.5 Round function
Transformation u: Define a mapping u from the ciphertext space. The round function φ combines a padded data block D j (of L 1 = n-bits) with H j-1 , the previous output of the round function (of L 2 = n bits), to yield H j . As part of the round function it is necessary to choose a function u, which transforms an n-bit block into a key for use with the block cipher algorithm E. The selection of the function u for use with this hash-function is outside the scope of this part of ISO/IEC 10118.
The round function itself is defined as follows:
Set H 0 equal to IV
φ (D j , H j-1 ) = E Kj (D j ) ⊕ D j
where K j = u (H j-1 ). The round function is shown in Figure 1.
6.6 Output transformation The output transformation T is simply truncation, i.e., the hash-code H is derived by taking the leftmost L H bits of the final output block H q .
7 Hash-function 2
7.1 General The hash-function specified in this clause provides hash-codes of length L 1 and L 2 where L 1 is equal to n and L 2 is equal to 2n. Some specific definitions that are required to specify hash-function 2 follow. NOTE 1 This hash-function is described in [4]. NOTE 2 In [6], theoretical attacks on hash-function 2 have been reported: a collision attack, with n = 128, which has complexity 2 124.5 , and a preimage attack requiring complexity and space about 2 n . The only reason to keep hash-function 2 in this part of ISO/IEC 10118 is for compatibility with the existing applications.
7.2 Parameter selection The parameters L 1 , L 2 and L H for the hash-function specified in this clause shall satisfy L 1 = n, L 2 = 2n, and L H is less than or equal to 2n.
7.3 Padding method The selection of the padding method for use with this hash-function is beyond the scope of this part of ISO/IEC 10118. As minimum requirements, the padding method shall output a set of q blocks D 1 , D 2 , …, D q where each block D j is of length n and shall be such that each possible input produces distinct outputs. Examples of padding methods are presented in ISO/IEC 10118-1:2000, Annex A.
7.4 Initializing value The selection of the IV (of length 2n) for use with this hash-function is beyond the scope of this part of ISO/IEC 10118. The IV shall be a bit-string of length 2n and the value of the IV shall be agreed upon and fixed by users of the hash-function. However, the IV shall be selected such that u(IV L ) and u’ (IV R ) are different.
7.5 Round function The round function φ combines a padded data block D j (of L 1 = n bits) with H j-1 , the previous output of the round function (of L 2 = 2n bits), to yield H j . As part of the round function it is necessary to choose two transformations u and u’. These transformations are used to transform an output block into two suitable L K bit keys for the algorithm E. The specification of u and u’ is beyond the scope of this part of ISO/IEC 10118. However, it should be taken into consideration that the selection of u and u’ is important for the security of the hash-function.ISO IEC 10118-2 pdf download.