可用于哈希函数的安全迭代结构

doi:10.13190/jbupt.200806.22.lizhm

北京邮电大学学报 ›› 2008, Vol. 31 ›› Issue (6): 22-25.doi: 10.13190/jbupt.200806.22.lizhm

可用于哈希函数的安全迭代结构

李志敏郑世慧杨义先

(北京邮电大学灾备技术国家工程实验室, 北京 100876)

收稿日期:2008-04-15 修回日期:2008-07-22 出版日期:2008-12-31 发布日期:2008-12-31
通讯作者: 李志敏

Iterative Structure for Hash Function

LI Zhi-min, ZHENG Shi-hui, YANG Yi-xian

(National Engineering Labortory for Disaster Backup and Recovery,
Beijing University of Posts and Telecommunications, Beijing 100876, China)

Received:2008-04-15 Revised:2008-07-22 Online:2008-12-31 Published:2008-12-31
Contact: LI Zhi-Min

摘要/Abstract

摘要：

Merkle-Damgård(MD)迭代结构存在着不能保持压缩函数的第二原像稳固性、伪随机函数性等不安全性问题.为了增强迭代哈希函数的安全性，从抵抗现有攻击的角度提出了一个强化MD迭代结构，称为CMD结构.经证明该结构可以保持压缩函数的抗碰撞性，能够抵抗现有对MD迭代结构的攻击，包括第二原像攻击和任意选定前缀的原像攻击.此外利用这些攻击方法对enveloped Merkle-Damgård结构进行了分析，指出该结构并不能提供比MD结构更高的安全性.

关键词: 哈希函数, Merkle-Damgård迭代结构, 多碰撞攻击, 第二原像攻击, 任意选定前缀的原像攻击

Abstract:

Merkle-Damgård construction had been found that it could not preserve all of the properties of the compression function, such as the second preimage resistance property, pseudo random property etc. To improve the security of the iterative Hash function, an enhanced iterative construction, called CMD construction was proposed. This construction can maintain the collision resistance of the compression function. The analysis results show that it can resist the attacks on the Merkle-Damgård construction, including the second preimage attack and the herding attack. In addition, using these known attack methods, the security of the Enveloped Merkle-Damgård construction is showed to be the same as that of the Merkle-Damgård construction.

Key words: Hash function, Merkle-Damgård iterative structure, multi-collision attack, preimage attack, herding attack

中图分类号:

TP309.7

李志敏郑世慧杨义先. 可用于哈希函数的安全迭代结构[J]. 北京邮电大学学报, 2008, 31(6): 22-25.

LI Zhi-min, ZHENG Shi-hui, YANG Yi-xian

. Iterative Structure for Hash Function[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(6): 22-25.

参考文献

[1] Damgrd I. A design principle for Hash functions//Brassard G. Advances in CRYPTO89. Berlin: Springer-Verlag, 1989: 416-427.
[2] Merkle R. One way Hash functions and DES//Brassard. Advances in CRYPTO89. Berlin: Springer-Verlag, 1989: 428-446.
[3] Joux A. Multicollisions in iterated Hash functions, application to cascaded constructions//Franklin M. Advances in Cryptology-CRYPTO 2004. Berlin: Springer-Verlag, 2004: 306-316.
[4] Kelsey J, Schneier B. Second preimages on n-bit Hash functions for much less than 2^<em>n work//Cramer R. Advances in Cryptology- EUROCRYPT 2005. Berlin: Springer-Verlag, 2005: 474-490.
[5] Kelsey J, Kohno T. Herding Hash functions, the nostradamus attack//Vaudenay S. Advances in Cryptology-EUROCRYPT 2006. Berlin: Springer-Verlag, 2006: 183-200.
[6] NIST. Announcing request for candidate algorithm nominations for a new cryptographic Hash algorithm (SHA-3) family . 2007(2007-11-02). http://www. buslab. org/index2. php?option=com_-content&do_-pdf=1&id=186713.
[7] Bellare M, Ristenpart T. Multi-property-preserving Hash domain extension and the EMD transform//Lai Xuejia, Chen Kefei. Advances in Cryptology-ASIACRYPT 2006. Berlin: Springer-Verlag, 2006: 299-314.
[8] Gauravaram P, Millan W, Dawson E, et al. Constructing secure Hash functions by enhancing Merkle-Damgrd construction//Batten L M, Naini R S. The 11^th Australasian Conference on Information Security and Privacy. Berlin: Springer-Verlag, 2006: 407-420.
[9] Filho D G, Barreto P, Rijmen V. The Mael strom-0 Hash function//Carmo L F. The 6^th Brazilian Symposium on Information and Computer System Security. Brazil: Brazilian Society for Computing, 2006: 328-337.
[10] Duo Lei. New integrated proof method on iterated Hash structure and new structures. 2006 (2006-11-05). http://eprint.iacr.org/2006/147.pdf.
[11] Biham E, Dunkelman O. A framework for iterative Hash functions-HAIFA. NIST Second Cryptographic Hash Workshop, 2006 (2006-09-01). http://csrc.nist.gov/groups/ST/hash/documents/DUNKE-LMAN_-NIST3.pdf.
[12] Hirose S, Park J H, Yun A. A simple variant of the Merkle -Damgrd scheme with a permutation//Kurosawa K. Advances in Cryptology-ASIACRYPT 2007. Berlin: Springer-Verlag, 2007: 113-129.
[13] Gauravaram P, Kelsey J. Cryptanalysis of a class of cryptographic Hash functions . 2007 (2007-10-20). http://eprint.iacr.org/2007/277.pdf.
[14] Preneel B, Govaerts R, Vandewalle J. Hash functions based on block ciphers: a synthetic approach//Stinson D. Advances in CRYPTO 93. Berlin: Springer-Verlag, 1994: 368-378.

可用于哈希函数的安全迭代结构

Iterative Structure for Hash Function

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 4

编辑推荐

Metrics

本文评价

[1]	张国栋, 应欢, 杨寿国, 石志强, 李霁远. 嵌入式固件脆弱哈希函数自动识别与破解方法[J]. 北京邮电大学学报, 2020, 43(1): 46-53.
[2]	王鑫孙晨王新梅. 同态哈希函数在多变量公钥密码体制中的应用[J]. 北京邮电大学学报, 2012, 35(5): 46-48.
[3]	李道丰，杨义先，谷利泽，孙斌. 采用可净化签名的OSPF协议安全保护机制[J]. 北京邮电大学学报, 2011, 34(3): 79-83.
[4]	袁刚, 彭泳, 程时端. 一种基于可分配流量的MPLS动态流量分配机制[J]. 北京邮电大学学报, 2004, 27(5): 50-55.