Conference: Applied Cryptography and Network Security

Getting the Best Out of Existing Hash Functions; or What if We Are Stuck with SHA?


Abstract

Cascade chaining is a very efficient and popular mode of operation for building various kinds of cryptographic hash functions. In particular, it is the basis of the most heavily utilized SHA function family. Recently, many researchers pointed out various practical and theoretical deficiencies of this mode, which resulted in a renewed interest in building specialized modes of operations and new hash functions with better security. Unfortunately, it appears unlikely that a new hash function (say, based on a new mode of operation) would be widely adopted before being standardized, which is not expected to happen in the foreseeable future. Instead, it seems likely that practitioners would continue to use the cascade chaining, and the SHA family in particular, and try to work around the deficiencies mentioned above. In this paper we provide a thorough treatment of how to soundly design a secure hash function H' from a given cascade-based hash function H for various cryptographic applications, such as collision-resistance, one-wayness, pseudorandomness, etc. We require each proposed construction of H' to satisfy the following "axioms".

1. The construction consists of one or two "black-box" calls to H.
2. In particular, one is not allowed to know/use anything about the internals of H, such as modifying the initialization vector or affecting the value of the chaining variable.
3. The construction should support variable-length inputs.
4. Compared to a single evaluation of H(M), the evaluation of H'(M) should make at most a fixed (small constant) number of extra calls to the underlying compression function of H. In other words, the efficiency of H' is negligibly close to that of H.

We discuss several popular modes of operation satisfying the above axioms. For each such mode and for each given desired security requirement, we discuss the weakest requirement on the compression function of H which would make this mode secure. We also give the implications of these results for using existing hash functions SHA-x, where x ∈ {1, 224, 256, 384, 512}.
