No subject

lot of security properties. It was shown that by truncating the output
of a collision resistant hash function (considered as black-box) one
would lose the collision-resistance guarantee [1]. A similar problem
seems to exist with TCR and the MAC property as well. On the other
hand, it is known that the PRF-property is closed under truncation,
i.e., any truncated output of a PRF is still a pseudorandom value.

[1] Krzysztof Pietrzak. Compression from Collisions, or why CRHF
Combiners have a Long Output. CRYPTO 2008.


Feel free to communicate my remarks to others interested. I'll try to
follow the discussions in the mailing list, and I would be happy to
help whenever issues concerning the specification of our combiners
arise.


ciao,
anja


--
Darmstadt University of Technology

Adr.: Hochschulstra=C3=9Fe 10 | Tel: +49 6151/16-5416
=C2=A0 =C2=A0 =C2=A064289 Darmstadt =C2=A0 =C2=A0| Fax: +49 6151/16-6036
Web: =C2=A0www.cdc.informatik.tu-darmstadt.de/~alehmann/