Can a secure symmetric key encryption scheme be used to create a secure cryptographic hash function? The one-way nature of the exchange is affected, I assume, because the cipher of symmetric key encryption can be decrypted. What are the advantages and disadvantages of this approach?
Symmetric key encryption schemes can be used to create cryptographic hash functions. To discuss possible advantages or disadvantages of doing this, lets first look at how symmetric key encryption algorithms and hash function cryptography are used and the properties they should have.
A hash function takes a block of data, usually called the message, and returns a fixed-size string, which can be called the hash, hash value or message digest. The main reason for creating a hash value of a message is that any accidental or intentional change to it will result in a completely different hash value. By comparing the hash values of a message before and after an event, such as downloading it, the integrity of the data can be validated.
The four main properties of a good cryptographic hash function are:
1. It is easy to compute the hash value for any given message.
2. It is infeasible to find a message that has a given hash.
3. It is infeasible to modify a message without the hash being changed.
4. It is infeasible to find two different messages with the same hash.
Let's now look at how symmetric-key encryption works and see if it has the four properties listed above. Symmetric key algorithms use the same key for both decryption and encryption and can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, while block ciphers take a number of bits and encrypt them as a single unit, the Advanced Encryption Standard (AES) algorithm uses 128-bit blocks for example.
A block cipher such as AES can be turned into a hash function; Davies–Meyer and Matyas–Meyer–Oseas are some of the methods used. Algorithms such as AES were designed to encrypt data, a different design goal to a hash function that uses large keys and blocks, can efficiently change keys every block, and have been designed and vetted for resistance to related-key attacks. AES has key and block sizes that make it nontrivial to generate long hash values. AES encryption becomes less efficient when the key changes each block and related-key attacks make it potentially less secure for use in a hash function than for encryption.
However, taking a hit on efficiency and security may be acceptable when an embedded system needs to implement both encryption and hashing while using the minimum amount of code. As always with most security-related algorithms, it is often a tradeoff between speed and security.
This was first published in September 2011