Analysis of All-or-Nothing Hash Functions

The most popular method to construct hash functions is to iterate a compression function on the input message. This method is called Merkle-Damgård method. Most hash functions used in practice such as MD4, MD5, SHA-0, SHA-1 are based on this method. However this method is not always the best. For example, this method can not resist multi-collision attack. Recently some modifications of this method are proposed. These modified methods are based on Merkle-Damgård method and some improvements are made. A hash function based on All-or-Nothing property is one of these improvements. All-or-nothing property is an encryption mode for block ciphers. It has the property that one must decrypt all cipher blocks to determine any plain-text block. All-ornothing hash function is a kind of hash function constructed with the all-or-nothing property. The authors of it claim that it is more secure than those common hash functions. In this paper, we will show that this is not true and there are still some flaws on this improved method.