RE: Model Digest Algorithm

At 06:12 PM 4/30/00 +0100, McBride, Brian wrote:
> > ... Are you aware of other symmetrical algorithms that are
> > more secure and have the same nice property? If security of the current
> > approach is insufficient, this property can be dropped.
>
> Aw hell, I'm the wrong person to ask.  I'm not a crypto guy.  Since you ask
> the question, I take it that the security of XOR as a digest aggregator
> function is an open question in your mind too.

I'm not a cryptographer, either, but...

It seems to me that the very property that makes XOR useful for computing 
incremental digests makes it cryptographically weak;  i.e. the capability 
to selectively remove items from a digest, and add in others.  If it's easy 
for the originator of a document, why not also for a forger?

From past discussions, I also think there are two separate issues to be 
considered here:

(a) providing a (probably) unique identifier for an RDF subgraph that is 
independent of serialization syntax.

(b) providing a cryptographically secure digest of an RDF subgraph, which 
seems a considerably stronger requirement than (a).  IMO, there is no 
reasonable way to use a reversible aggregator function for this 
purpose.  But as I have stated in an earlier message, I question the need 
for a cryptographically secure digest.

As Brian has already demonstrated, the XOR aggregator is not sufficient 
even for case (a).  The immediately evident problem here is that (X XOR Y 
XOR Y) == X, for all Y.  So how about using simple addition, modulo 2^n, as 
an aggregator?

#g


------------
Graham Klyne
(GK@ACM.ORG)

Received on Tuesday, 2 May 2000 07:38:47 UTC
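The two aggregators discussed in the message above, as an added worked example (not code from the thread or from any RDF digest implementation): each triple is hashed to an n-bit integer and the per-triple hashes are combined with XOR or with addition modulo 2^n. The example shows the (X XOR Y XOR Y) == X cancellation Graham refers to, that removing a triple from an XOR digest requires only the digest and that triple's hash, and how the modular-sum aggregator behaves on the same inputs (duplicates do not cancel; removal is done by subtraction). SHA-256 truncated to n = 128 bits, the NUL-joined triple encoding, and the example.org triples are all constructed assumptions for illustration.

```python
import hashlib

# Example code added here; it is not from the original thread. Width n = 128
# bits and the sample triples below are constructed for illustration.
N_BITS = 128
MASK = (1 << N_BITS) - 1


def triple_digest(triple):
    """Hash one RDF triple to an n-bit integer, independent of serialization.

    The (subject, predicate, object) strings are joined with a NUL separator
    so field boundaries cannot be shifted; SHA-256 truncated to n bits is a
    constructed choice here, not the hash used in the original discussion.
    """
    subject, predicate, obj = triple
    data = b"\x00".join(part.encode("utf-8") for part in (subject, predicate, obj))
    return int.from_bytes(hashlib.sha256(data).digest()[:N_BITS // 8], "big")


def xor_aggregate(triples):
    """Combine per-triple digests with XOR (order-independent)."""
    acc = 0
    for t in triples:
        acc ^= triple_digest(t)
    return acc


def add_aggregate(triples):
    """Combine per-triple digests with addition modulo 2^n (order-independent)."""
    acc = 0
    for t in triples:
        acc = (acc + triple_digest(t)) & MASK
    return acc


def xor_remove(digest, triple):
    """Drop one triple from an XOR digest: needs only the digest and that triple."""
    return digest ^ triple_digest(triple)


def add_remove(digest, triple):
    """Drop one triple from a modular-sum digest by subtracting its hash."""
    return (digest - triple_digest(triple)) & MASK


# Constructed sample graph: two triples about a document, plus a third triple Y.
X = ("http://example.org/doc", "http://purl.org/dc/elements/1.1/creator", "Alice")
X2 = ("http://example.org/doc", "http://purl.org/dc/elements/1.1/title", "Notes")
Y = ("http://example.org/doc", "http://purl.org/dc/elements/1.1/date", "2000-05-02")
GRAPH = [X, X2]


def xor_is_order_independent():
    return xor_aggregate(GRAPH) == xor_aggregate(list(reversed(GRAPH)))


def xor_cancels_duplicate():
    """(X XOR Y XOR Y) == X: the graph with Y listed twice digests like the graph alone."""
    return xor_aggregate(GRAPH + [Y, Y]) == xor_aggregate(GRAPH)


def xor_removal_matches_recompute():
    """Removing Y from the digest equals recomputing the digest without Y."""
    return xor_remove(xor_aggregate(GRAPH + [Y]), Y) == xor_aggregate(GRAPH)


def add_does_not_cancel_duplicate():
    """2*h(Y) mod 2^n is non-zero unless h(Y) is 0 or 2^(n-1), so the pair survives."""
    return add_aggregate(GRAPH + [Y, Y]) != add_aggregate(GRAPH)


def add_removal_matches_recompute():
    """Modular addition is still incrementally updatable: subtraction removes a triple."""
    return add_remove(add_aggregate(GRAPH + [Y]), Y) == add_aggregate(GRAPH)


if __name__ == "__main__":
    print("XOR order-independent:", xor_is_order_independent())
    print("XOR: X^Y^Y == X:", xor_cancels_duplicate())
    print("ADD: X+Y+Y == X:", not add_does_not_cancel_duplicate())
    print("ADD: removal by subtraction works:", add_removal_matches_recompute())
```

Both aggregators deliver the serialization-independent property wanted for case (a); the example also makes visible that an aggregator which lets the originator update a digest incrementally lets anyone holding the digest and a triple's hash do the same, which is the point raised about case (b).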