Travis H. writes: > Excellent point. When I wrote that I had strongly universal hashes in > mind, like UMAC, where the hash is chosen from a family of functions > based on some secret data shared by sender and recipient. I > mistakenly conflated them with ordinary hashes (which they are, once > you pick one). Thanks for catching that.
A point of terminology, strong universal hash functions are different than what you are probably thinking of. UMAC is a MAC, not a SU hash function. It uses an almost-SU hash function in its construction, but that's different. Universal hashes and their variants (see http://www.cacr.math.uwaterloo.ca/~dstinson/universalhashingdefinitions.html for a bibliography) are actually *weaker* than conventional hashes. They can, in fact, be completely linear. While you are right that the hash is typically part of a parameterized family, once you pick one you do not get an ordinary hash. You are more likely to get an ordinary polynomial that will not serve at all well as a crypto hash. Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]