merkle.pa@Xerox.COM (12/12/89)
The one-way hash function, Snefru version 2.0, has been released for general use. It generates either a 128 bit or 256 bit output. Previous discussions in this group have mentioned the X9.9 MAC (Message Authentication Code) that involves a secret key. Snefru is a one-way hash function, and therefore does not use or require any secret information. Further, Snefru has substantially better performance than any DES based system. One-way hash functions have the property that it is computationally infeasible to find two inputs that produce the same output. Thus, if I can authenticate the (128 or 256 bit) output, then I can authenticate the large (perhaps megabytes) input that produced that output. The method of authenticating the output and the method of insuring the integrity of the program computing the one-way hash function are separate issues, not addressed by Snefru. The C source for Snefru version 2.0 is available to anyone who wants a copy via anonymous FTP from "arisia.xerox.com" (a Unix system at Xerox PARC in Palo Alto, CA) in directory "/pub/hash". The source files are: hash2.0.c, standardSBoxes2.c, and testSBoxes.c. An assembly language version written for the Sun SPARCstation 1 can hash large files at a speed slightly faster than 8 megabits per second. This includes CPU time (as measured by the "time" command) and excludes disk transfer time etc. Snefru version 2.0 is still preliminary. It has received only modest security review. It would seem prudent to use it only for experimental or research purposes until it has received more widespread scrutiny. A significant purpose of this posting is to invite such scrutiny. Cheers! Ralph C. Merkle Xerox PARC 3333 Coyote Hill Road Palo Alto, CA 94304 merkle@xerox.com