merkle.pa@Xerox.COM (12/12/89)
The one-way hash function, Snefru version 2.0, has been released for
general use. It generates either a 128 bit or 256 bit output.
Previous discussions in this group have mentioned the X9.9 MAC
(Message Authentication Code) that involves a secret key. Snefru is a
one-way hash function, and therefore does not use or require any
secret information. Further, Snefru has substantially better
performance than any DES based system.
One-way hash functions have the property that it is computationally
infeasible to find two inputs that produce the same output. Thus, if
I can authenticate the (128 or 256 bit) output, then I can
authenticate the large (perhaps megabytes) input that produced that
output.
The method of authenticating the output and the method of insuring the
integrity of the program computing the one-way hash function are
separate issues, not addressed by Snefru.
The C source for Snefru version 2.0 is available to anyone who wants a
copy via anonymous FTP from "arisia.xerox.com" (a Unix system at Xerox
PARC in Palo Alto, CA) in directory "/pub/hash". The source files
are: hash2.0.c, standardSBoxes2.c, and testSBoxes.c.
An assembly language version written for the Sun SPARCstation 1 can
hash large files at a speed slightly faster than 8 megabits per
second. This includes CPU time (as measured by the "time" command)
and excludes disk transfer time etc.
Snefru version 2.0 is still preliminary. It has received only modest
security review. It would seem prudent to use it only for
experimental or research purposes until it has received more
widespread scrutiny. A significant purpose of this posting is to
invite such scrutiny.
Cheers!
Ralph C. Merkle
Xerox PARC
3333 Coyote Hill Road
Palo Alto, CA 94304
merkle@xerox.com