[144568] in cryptography@c2.net mail archive

Re: MD6 withdrawn from SHA-3 competition

daemon@ATHENA.MIT.EDU (Josh Rubin)
Tue Jul 7 08:52:54 2009

Date: Tue, 07 Jul 2009 07:56:17 -0400
From: Josh Rubin <jlrubin@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: cryptography@metzdowd.com
In-Reply-To: <p06240822c67663b14b88@[10.20.30.158]>

Paul Hoffman wrote:
> At 10:39 AM -0700 7/4/09, Hal Finney wrote:
>   
>> But how many other hash function candidates would also be excluded if
>> such a stringent criterion were applied? Or turning it around, if NIST
>> demanded a proof of immunity to differential attacks as Rivest proposed,
>> how many candidates have offered such a proof, in variants fast enough
>> to beat SHA-2?
>>     
>
> The more important question, and one that I hope gets dealt with, is
> what is a sufficient proof. We know what proofs are, but we don't have
> a precise definition. We know what a proof should look like, sort
> of. Ron and his crew have their own definition, and they can't make
> MD6 work within that definition. But that doesn't mean that NIST
> wouldn't have accepted the fast-enough MD6 with a proof from someone
> else. 

Mathematicians have a precise definition of what a proof is, thanks to
logicians like David Hilbert and Kurt Goedel. But people in all
disciplines have a terrible time formulating problems, and remembering
the conditions under which a statement was proved. They also quote
theorems incorrectly, and errors propagate through the less
well-reviewed parts of the literature.

--
Josh Rubin
jlrubin@gmail.com
