The Design Principle of Hash Function with Merkle-Damgård Construction
نویسندگان
چکیده
The paper discusses the security of compression function and hash function with Merkle-Damg̊ard construction and provides the complexity bound of finding a collision and primage of hash function based on the condition probability of compression function y = F (x, k). we make a conclusion that in Merkle-Dammåard construction, the requirement of free start collision resistant and free start collision resistant on compression function is not necessary and it is enough if the compression function with properties of fix start collision resistant and fix start preimage resistant. However, the condition probability PY |X=x(y) and PY |K=k(y) of compression function y = F (x, k) have much influence on the security of the hash function. The best design of compression function should have properties of that y is uniformly distributed for all x and k. KeyWord: Hash Function, Block Cipher, Merkle-Damg̊ard Construction
منابع مشابه
Merkle-Damgård Revisited: How to Construct a Hash Function
The most common way of constructing a hash function (e.g., SHA-1) is to iterate a compression function on the input message. The compression function is usually designed from scratch or made out of a block-cipher. In this paper, we introduce a new security notion for hash-functions, stronger than collision-resistance. Under this notion, the arbitrary length hash function H must behave as a rand...
متن کاملEnhancing the Security Level of SHA-1 by Replacing the MD Paradigm
Cryptographic hash functions are important cryptographic techniques and are used widely in many cryptographic applications and protocols. All the MD4 design based hash functions such as MD5, SHA-0, SHA-1 and RIPEMD-160 are built on Merkle-Damgård iterative method. Recent differential and generic attacks against these popular hash functions have shown weaknesses of both specific hash functions a...
متن کاملSome thoughts on Collision Attacks in the Hash Functions MD5, SHA-0 and SHA-1
The design principle of Merkle-Damg̊ard construction is collision resistance of the compression function implies collision resistance of the hash function. Recently multi-block collisions have been found on the hash functions MD5, SHA-0 and SHA-1 using differential cryptanalysis. These multi-block collisions raise several questions on some definitions and properties used in the hash function lit...
متن کاملA Failure-Friendly Design Principle for Hash Functions
This paper reconsiders the established Merkle-Damg̊ard design principle for iterated hash functions. The internal state size w of an iterated n-bit hash function is treated as a security parameter of its own right. In a formal model, we show that increasing w quantifiably improves security against certain attacks, even if the compression function fails to be collision resistant. We propose the w...
متن کاملOn the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
At Crypto 2004 Joux showed a novel attack against the concatenated hash combiner instantiated with Merkle-Damgård iterated hash functions. His method of producing multicollisions in the Merkle-Damgård design was the rst in a recent line of generic attacks against the Merkle-Damgård construction. In the same paper, Joux raised an open question concerning the strength of the concatenated hash com...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006