Paul Hoffman wrote:
> At 10:39 AM -0700 7/4/09, Hal Finney wrote:
>> But how many other hash function candidates would also be excluded if
>> such a stringent criterion were applied? Or turning it around, if NIST
>> demanded a proof of immunity to differential attacks as Rivest proposed,
>> how many candidates have offered such a proof, in variants fast enough
>> to beat SHA-2?
> The more important question, and one that I hope gets dealt with, is
> what is a sufficient proof. We know what proofs are, but we don't have
> a precise definition. We know what a proof should look like, sort
> of. Ron and his crew have their own definition, and they can't make
> MD6 work within that definition. But that doesn't mean that NIST
> wouldn't have accepted the fast-enough MD6 with a proof from someone
> else. 

Mathematicians have a precise definition of what a proof is, thanks to
logicians like David Hilbert and Kurt Goedel. But people in all
disciplines have a terrible time formulating problems, and remembering
the conditions under which a statement was proved. They also quote
theorems incorrectly, and errors propagate through the less
well-reviewed parts of the literature.

Josh Rubin

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to