W3C home > Mailing lists > Public > www-rdf-interest@w3.org > May 2000

RE: Model Digest Algorithm

From: Graham Klyne <GK@Dial.pipex.com>
Date: Tue, 02 May 2000 08:02:52 +0100
Message-Id: <4.3.1.2.20000502074939.00d82100@pop.dial.pipex.com>
To: "McBride, Brian" <bwm@hplb.hpl.hp.com>
Cc: www-rdf-interest@w3.org
At 06:12 PM 4/30/00 +0100, McBride, Brian wrote:
> > ... Are you aware of other symmetrical algorithms that are
> >more secure and have the same nice property? If security of the current
> >approach is insufficient, this property can be dropped.
>
>Aw hell, I'm the wrong person to ask.  I'm not a crypto guy.  Since you ask
>the
>question, I take it that the security of XOR as a digest aggregator function
>is an open question in your mind too.

I'm not a cryptographer, either, but...

It seems to me that the very property that makes XOR useful for computing 
incremental digests makes it cryptographically weak;  i.e. the capability 
to selectively remove items from a digest, and add in others.  If it's easy 
for the originator of a document, why not also for a forger?

 From past discussions, I also think there are two separate issues to be 
considered here:

(a) providing a (probably) unique identifier for an RDF subgraph that is 
independent of serialization syntax.

(b) providing a cryptographically secure digest of an RDF subgraph, which 
seems a considerably stronger requirement than (a).  IMO, there is no 
reasonable way to use a reversible aggregator function for this 
purpose.  But as I have stated in an earlier message, I question the need 
for a cryptographically secure digest.

As Brian has already demonstrated, the XOR aggregator is not sufficient 
even for case (a).  The immediately evident problem here is that (X XOR Y 
XOR Y) == X, for all Y.  So how about using simple addition, modulo 2^n, as 
an aggregator?

#g


------------
Graham Klyne
(GK@ACM.ORG)
Received on Tuesday, 2 May 2000 07:38:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:51:43 GMT