Abstract
Building hash functions from an existing block cipher is a very convenient construction method. As early as 1993, Preneel et al. classified the security of 64 hash functions built from block ciphers; these are collectively called the PGV schemes, and all of them are single-block-length, that is, the output length equals the block length. In 2002, Black gave rigorous security proofs for these 64 hash functions in his paper, proving that 20 of them are secure and the others are not. As computing technology has advanced, single-block-length hash functions have come to be seen as insufficiently secure, so a number of double-block-length hash functions based on block ciphers have been proposed, but many of them are insecure. At AsiaCrypt 2006, a double-block-length hash function using five block ciphers was proposed. Its authors claimed that the construction is secure but gave no security proof. This paper analyzes that scheme and finds that its security is not ideal; in response to the attack presented here, it proposes a new block-cipher-based hash function and compares its performance with SHA-256 and other hash functions.
It is convenient to build hash functions on block ciphers. In 1993, Preneel et al. analyzed the security of 64 hash functions based on block ciphers, which are single-block-length and named the PGV schemes. In 2002, Black et al. formally proved the security of the 64 PGV schemes, showing that 20 of them are secure and the others are not. With the development of computing technology, the security of single-block-length hash functions is no longer enough; therefore some double-block-length schemes have been proposed, but many of them are not secure. In AsiaCrypt 2006, a kind of hash function based on five block ciphers was proposed and claimed secure without a security proof. It is shown here that the security of the scheme based on five block ciphers is not ideal. In this paper, a new hash function based on block ciphers is proposed and its efficiency is compared with SHA-256's.
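The single-block-length PGV constructions the abstract refers to, as an added example that is not code from the paper or its authors: three of the 20 PGV compression functions that Black et al. proved secure, instantiated with AES-128 and iterated in a Merkle-Damgård chain, so the digest is exactly one cipher block (128 bits). The all-zero IV and the padding layout are assumed choices, not taken from the paper.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
)

// AES-128 has a 16-byte block and a 16-byte key, so chaining value, message
// block and digest are all one block: single block length, n = 128 bits.
const blockSize = aes.BlockSize
// encrypt computes E_key(in) with AES-128; key and in are each one block.
func encrypt(key, in []byte) []byte {
	c, _ := aes.NewCipher(key) // cannot fail: every key here is 16 bytes
	out := make([]byte, blockSize)
	c.Encrypt(out, in)
	return out
}
// xorBlocks XORs any number of one-block inputs.
func xorBlocks(bs ...[]byte) []byte {
	out := make([]byte, blockSize)
	for _, b := range bs {
		for i := range out {
			out[i] ^= b[i]
		}
	}
	return out
}
// Three of the 20 provably secure PGV schemes (h = chaining value, m = message block).
func DaviesMeyer(h, m []byte) []byte      { return xorBlocks(encrypt(m, h), h) }    // E_m(h) ^ h
func MatyasMeyerOseas(h, m []byte) []byte { return xorBlocks(encrypt(h, m), m) }    // E_h(m) ^ m
func MiyaguchiPreneel(h, m []byte) []byte { return xorBlocks(encrypt(h, m), m, h) } // E_h(m) ^ m ^ h
// pad applies Merkle-Damgård strengthening: 0x80, zeros, 64-bit length in bits.
func pad(msg []byte) []byte {
	p := append(append([]byte{}, msg...), 0x80)
	for len(p)%blockSize != blockSize-8 {
		p = append(p, 0)
	}
	var l [8]byte
	binary.BigEndian.PutUint64(l[:], uint64(len(msg))*8)
	return append(p, l[:]...)
}

// Hash iterates f over the padded message from an all-zero IV (assumed) and returns the 16-byte digest.
func Hash(f func(h, m []byte) []byte, msg []byte) []byte {
	h := make([]byte, blockSize)
	for p := pad(msg); len(p) > 0; p = p[blockSize:] {
		h = f(h, p[:blockSize])
	}
	return h
}
```

Because AES-128 keys and blocks are both 16 bytes, the same cipher serves as E_m(h) and E_h(m); with a 256-bit-key cipher the key-input side of each scheme would need a different width.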
Source
Computer Science (《计算机科学》), indexed in CSCD and the Peking University Core Journals list
2008, No. 9, pp. 129-132 (4 pages)