Security Characteristics
- For long messages, a second-preimage attack is more efficient than brute force.
- Multi-collisions (several messages sharing one hash value) can be constructed.
- Length extension: given the hash of a message X, it is easy to compute the hash of X || padding || Y (Y appended after the padding on X).
Merkle-Damgard Scheme in Cryptography
Pre-requisites: Cryptography and its Types
The Merkle-Damgard (MD) scheme (discovered by Ralph Merkle) is used to build collision-resistant cryptographic hash functions from collision-resistant one-way compression functions. It is used in algorithms like SHA-1, SHA-256, etc.
This scheme can be divided into two stages:
Stage 1: Design a fixed-length, collision-resistant compression function h.
Stage 2: Design a collision-resistant hash function (CRHF) H for arbitrary-length messages, using h.
1. Encode the input M (of length L) for H_MD so that the encoded message is a multiple of l bits. If L is already a multiple of l bits, add an additional dummy block.
Original Message || Padding length
2. The message is then considered as t blocks, each of n bits, i.e. M_1, M_2, ..., M_t. Apply the function h iteratively over the blocks of M and the previous outcome of h (i.e. H_1, H_2, ..., H_MD):
h(H_{i-1}, M_i) = H_i
3. An initial vector (H_0) is used before the iteration starts.
4. The digest H_MD produced after the t-th iteration is the compressed hash value of the original message.
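An added example (not from the original article) of steps 1 to 4 and of the extension property listed under Security Characteristics: a toy Merkle-Damgard hash. The 16-byte block, 8-byte state, all-zero H_0, SHA-style padding and the SHA-256-based compression function are assumptions chosen for illustration.

```python
import hashlib
import struct

BLOCK = 16            # block size in bytes (assumed toy value)
IV = b"\x00" * 8      # H_0, the initial vector (assumed toy value)

def h(state: bytes, block: bytes) -> bytes:
    """Toy compression function: fixed-size (state, block) -> 8-byte state."""
    assert len(state) == 8 and len(block) == BLOCK
    return hashlib.sha256(state + block).digest()[:8]

def md_pad(total_len: int) -> bytes:
    """Padding for a message of total_len bytes: 0x80, zeros, 8-byte bit length.
    A message that already fills its blocks still gets a whole extra block."""
    zeros = (-(total_len + 1 + 8)) % BLOCK
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", total_len * 8)

def iterate(state: bytes, data: bytes) -> bytes:
    """Apply h over each block: H_i = h(H_{i-1}, M_i)."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = h(state, data[i:i + BLOCK])
    return state

def md_hash(msg: bytes) -> bytes:
    """H_MD(msg): pad, then iterate from H_0."""
    return iterate(IV, msg + md_pad(len(msg)))

def extend(digest: bytes, orig_len: int, suffix: bytes) -> tuple:
    """From H_MD(X) and len(X) only, return (glue, H_MD(X || glue || suffix))."""
    glue = md_pad(orig_len)                      # the padding on X
    new_total = orig_len + len(glue) + len(suffix)
    # The digest is the full internal state, so iteration can resume from it.
    return glue, iterate(digest, suffix + md_pad(new_total))

def demo() -> bool:
    x = b"constructed sample message X"          # constructed input
    y = b"appended Y"                            # constructed input
    glue, predicted = extend(md_hash(x), len(x), y)   # never reads x itself
    return predicted == md_hash(x + glue + y)

if __name__ == "__main__":
    print("extension matches full recomputation:", demo())
```

Because the final digest is the complete chaining state, anyone holding it can resume the iteration, which is why a bare H(secret || message) is not a safe MAC and HMAC is used instead.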