On Building Hash Functions from Multivariate Quadratic Equations
نویسندگان
چکیده
Recent advances in hash functions cryptanalysis provide a strong impetus to explore new designs. This paper describes a new hash function mq-hash that depends for its security on the difficulty of solving randomly drawn systems of multivariate equations over a finite field. While provably achieving pre-image resistance for a hash function based on multivariate equations is relatively easy, näıve constructions using multivariate equations are susceptible to collision attacks. In this paper, therefore, we describe a mechanism—also using multivariate quadratic polynomials—yielding the collision-free property we seek while retaining provable pre-image resistance. Therefore, mq-hash offers an intriguing companion proposal to the provably collision-free hash function vsh.
منابع مشابه
On the security of multivariate hash functions
Multivariate hash functions are a type of hash functions whose compression function is explicitly defined as a sequence of multivariate equations. Olivier Billet etc. have designed the hash function MQ-HASH and Jintai Ding etc. also propose a similar construction, which the security depends on the difficulty of solving randomly drawn systems of multivariate equations over a finite field. Findin...
متن کاملAnalysis of Multivariate Hash Functions
We analyse the security of new hash functions whose compression function is explicitly defined as a sequence of multivariate equations. First we prove non-universality of certain proposals with sparse equations, and deduce trivial collisions holding with high probability. Then we introduce a method inspired from coding theory for solving underdefined systems with a low density of non-linear mon...
متن کاملShort Solutions to Nonlinear Systems of Equations
This paper presents a new hard problem for use in cryptography, called Short Solutions to Nonlinear Equations (SSNE). This problem generalizes the Multivariate Quadratic (MQ) problem by requiring the solution be short; as well as the Short Integer Solutions (SIS) problem by requiring the underlying system of equations be nonlinear. The joint requirement causes common solving strategies such as ...
متن کاملMultivariates Polynomials for Hashing
We propose the idea of building a secure hash using quadratic or higher degree multivariate polynomials over a finite field as the compression function. We analyze some security properties and potential feasibility, where the compression functions are randomly chosen highdegree polynomials, and show that under some plausible assumptions, high-degree polynomials as compression functions has good...
متن کاملFurther results on the security of MQ—DRBG
In 2011 ISO standardized [2] a family of deterministic pseudorandom bit generators MQ—DRBG, based on multivariate quadratic functions satisfying certain properties. The security of the generator could be described in terms of complexity of solving the corresponding system of multivariate quadratic equations. In our previous article [1] we proposed two different techniques for constructing syste...
متن کامل