Squeezing Bits: Meet MD, Sponge and HAIFA


At a conference in 1989, something magical happened that changed cybersecurity. Ralph Merkle presented a paper on digital signatures [1], and Ivan Damgård outlined a new method of creating hash functions [2].

These papers actually described the same hashing method, which compressed data into a fixed-length output. It worked so well that many hashing methods have since used it, including MD5, SHA-1, SHA-256 and SHA-512.

Merkle-Damgård construct: MD5, SHA-1 and SHA-2

The foundation of trust in cybersecurity is laid by the simple concept of data hashing, where we take data and create a fixed-length hash for the data. If we cannot trust our hashing methods, we are in trouble. When we create the perfect message hash, we thus need to make sure we have:

  • Collision resistance. This is where it is extremely difficult to find two messages which have the same hash. Thus we should not be able to find the hash of…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.