Article 32110 of alt.security:
Xref: mv alt.security:32110
Newsgroups: alt.security
Path: mv!gce.com!glenn
From: glenn@gce.com
Subject: Ciphering idea and questions about it
Message-ID:
Sender: everhart@arisia.gce.mv.com (Glenn C. Everhart)
Reply-To: Glenn@GCE.MV.Com
Organization: Nocturnal Aviation
Date: Fri, 5 Jul 1996 14:54:13 GMT
X-Newsreader: mxrn 6.18-26
X-Nntp-Posting-Host: gce.com
Lines: 40

Had an interesting thought, maybe worth passing on for commentary.

Suppose you have a secure hash function H(msg) that delivers a random
long period set of hash bits for msg, which is computationally infeasible
to invert and such that the value of H(msg) depends very sensitively on
all bits of msg. These things are used for authentication and tend to be
all over the world.

Now suppose I have a key and apply the following transform, where "+"
will mean binary exclusive OR.

Cipher:
    H(key) + M(1) = C(1)
    H(key+M(1)) + M(2) = C(2)
    H(key+M(2)) + M(3) = C(3)
and so on where M(n) is the message and C is the enciphered message.

Decipher:
    H(key) + C(1) = M(1)
    H(key+M(1)) + C(2) = M(2)
    H(key+M(2)) + C(3) = M(3)
and so on.

If the hash function is cryptographically strong, is this or is this
not a strong cipher? Are there fast hash functions around?

Note that in doing disk encryption, one has also the disk block number
available, and even the offset in block, to be stuffed into the hash
function if one wants. In a serial message one has offset in message also.

The only piece of nontrivial software needed to implement it is the hash
function itself, which has been claimed to be useful only for authentication.
If this scheme is at all strong, the distinction is shown to be fairly
useless.

I thought of this a couple days ago...thought I might ask if anyone
knows any of the answers. I do not, and am not knowledgeable in this
area, save VERY casually.
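
The transform described in the post above, as an added example that is not part of the original post: it implements the cipher and decipher recurrences and checks what happens to the first block when two messages share a key, with and without the block number stuffed into the hash. Assumptions: H is SHA-256, the key and each block M(n) are 32 bytes so that key+M(n) is defined, and the `tweak` parameter is a hypothetical way of feeding the block number or offset into H.

```python
import hashlib

BLOCK = 32  # assumption: H is SHA-256, so key and blocks are 32 bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def H(data, tweak=b""):
    # tweak is a hypothetical slot for the block number / offset the post mentions
    return hashlib.sha256(tweak + data).digest()

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encipher(key, msg, tweak=b""):
    feed, out = key, b""
    for m in blocks(msg):
        out += xor(H(feed, tweak), m)           # H(key + M(n-1)) + M(n) = C(n)
        feed = xor(key, m.ljust(BLOCK, b"\0"))  # key + M(n) feeds the next block
    return out

def decipher(key, ct, tweak=b""):
    feed, out = key, b""
    for c in blocks(ct):
        m = xor(H(feed, tweak), c)              # H(key + M(n-1)) + C(n) = M(n)
        out += m
        feed = xor(key, m.ljust(BLOCK, b"\0"))
    return out

def first_block_relation_holds(key, a, b, tweak_a=b"", tweak_b=b""):
    """True when C(1) xor C'(1) equals M(1) xor M'(1) for two messages."""
    ca, cb = encipher(key, a, tweak_a), encipher(key, b, tweak_b)
    return xor(ca[:BLOCK], cb[:BLOCK]) == xor(a[:BLOCK], b[:BLOCK])

# Constructed sample inputs.
KEY = hashlib.sha256(b"constructed demo key").digest()
MSG_A = b"disk block zero: payroll records for July 1996, first draft"
MSG_B = b"disk block one: an unrelated memo about the office picnic"

if __name__ == "__main__":
    assert decipher(KEY, encipher(KEY, MSG_A)) == MSG_A
    print("same key, no tweak :", first_block_relation_holds(KEY, MSG_A, MSG_B))
    print("per-block tweak    :", first_block_relation_holds(
        KEY, MSG_A, MSG_B, (0).to_bytes(8, "big"), (1).to_bytes(8, "big")))
```

With no tweak the first keystream block is H(key) for every message under that key, so the XOR of two first ciphertext blocks equals the XOR of the two first plaintext blocks; a distinct block number per message removes that relation.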