[tahoe-dev] simpler/quicker hash function combiners for more specific purposes

[Zooko O'Whielacronx]

> The concatenation combiner is a robust combiner for collision
> resistance:
>
> H|(x) = H₀(x) | H₁(x)

Ah, likewise if all we need is pre-image-resistance, which is (I
think, roughly) what we need for hash-based digital signatures, then
the following is a combiner that robustly preserved
pre-image-resistance:

H∘(x) = H₀(H₁(x))

So to summarize, if you need to optimize for CPU efficiency, and

 * you need collision resistance but you do *not* need pre-image
resistance, second-pre-image resistance, PRF, etc., then use:

H|(x) = H₀(x) | H₁(x)

 * you need pre-image resistance but you do *not* need collision
resistance, etc., then use:

H∘(x) = H₀(H₁(x))

 * you need PRF but you do *not* need collision resistance, etc., then use:

H⊕(x) = H₀(x) ⊕ H₁(x)

If you do not need to optimize for CPU efficiency, and/or if you want
a function that is robust for collision-resistance, PRF,
target-collision-resistance, and MAC, then use Comb4p.

Hey wait a second. Does Comb4P preserve pre-image resistance?

Regards,

Zooko