CN102542070B - Method for structuring one-way Hash function based on random function - Google Patents
Method for structuring one-way Hash function based on random function Download PDFInfo
- Publication number
- CN102542070B CN102542070B CN201210013532.XA CN201210013532A CN102542070B CN 102542070 B CN102542070 B CN 102542070B CN 201210013532 A CN201210013532 A CN 201210013532A CN 102542070 B CN102542070 B CN 102542070B
- Authority
- CN
- China
- Prior art keywords
- function
- length
- random
- message
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 230000006835 compression Effects 0.000 claims abstract description 14
- 238000007906 compression Methods 0.000 claims abstract description 14
- 230000006870 function Effects 0.000 claims description 163
- 238000013461 design Methods 0.000 claims description 19
- 238000013507 mapping Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 2
- 230000000295 complement effect Effects 0.000 claims 1
- 238000004364 calculation method Methods 0.000 abstract description 3
- 238000004422 calculation algorithm Methods 0.000 description 15
- 230000000694 effects Effects 0.000 description 9
- 230000000875 corresponding effect Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000004458 analytical method Methods 0.000 description 4
- 238000009792 diffusion process Methods 0.000 description 4
- PXFBZOLANLWPMH-UHFFFAOYSA-N 16-Epiaffinine Natural products C1C(C2=CC=CC=C2N2)=C2C(=O)CC2C(=CC)CN(C)C1C2CO PXFBZOLANLWPMH-UHFFFAOYSA-N 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000006073 displacement reaction Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000002596 correlated effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 230000000739 chaotic effect Effects 0.000 description 1
- 230000004087 circulation Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 238000012804 iterative process Methods 0.000 description 1
- 238000012067 mathematical method Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000002203 pretreatment Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Abstract
The invention belongs to the field of information security, in particular to the field of cryptology. The invention relates to a method for structuring a one-way Hash function based on a random function. The method uses a random function as a Hash function, or rather, the method uses the random function as a compression function, namely the compression function is indeterminate and has various possible concrete function forms, and the concrete form of the function is determined through clear text messages during calculation. The Hash function structured by the method brings various obstacles for decoding, a forged clear text needs to conform to the requirements of the traditional deterministic Hash function, and the definite code of the concrete function form of the deterministic random Hash function corresponding to the clear text must be consistent. The current cryptanalysis generally aims at the deterministic Hash function. When a cryptanalyst only knows a Hash value, decoding is even more difficult. As the concrete function form of the random function is not known, the cryptanalyst is unable to start by adopting a general decoding method.
Description
Technical field
The invention belongs to information security field, relate to a kind of building method of the one-way Hash function based on random function.
Background technology
Existing hash(is translated into again Hash, hash, hash) function has fixing structure and function, and this provides convenience for cryptanalysis.For hash function H=Hash (M), generally by M, calculate H easy, and ask one or more corresponding M by H, be very difficult, under limited computing power, often need long time.But Wang little Yun has cracked a series of hash function in recent years.2004, 2005, MD5 and the large cryptographic algorithm of SHA-1 two that is widely used in computer safety system by the whole world successively decoded by the research group that Wang little Yun leads, cause the very big concern of international cryptography educational circles and highly praise. for a fixing function, guarantee that this one-way is more difficult, because say in principle and can carry out backstepping (although it is unidirectional according to the structure of hash function, original text and hash value are many-to-one mapping relations, but by some mathematical methods and computational tool in the situation that, may carry out successful backstepping, this provides an entrance cracking), algorithm design need to be obtained very complicated.If the algorithm of a hash function is random, uncertain, cryptanalysis person is difficult to set about.Relative with traditional definite function, propose the concept of random function here, and the expression formula of this function, structure and form are random, uncertain, such as random function y=F (a, b, c), F (a, b, c) do not have clear and definite form, its concrete form may be f
1(a, b, c), f
2(a, b, c), f
3(a, b, c), f
4a function among (a, b, c).The random function of noticing here refers to the function with randomness, now generally in computer realm by the function that produces random number also referred to as random function.
Summary of the invention
In view of definite function gives cryptanalysis person clear and definite target, thereby affect security.Thus, the present invention's application random function designs hash function.
Notice, although hash algorithm is uncertain in the present invention,, general in the situation that, in order to reach the object of checking, when plaintext is certain, hash value should be determined, in order to address this problem, we set hash function and the probability relativity of input expressly, when input is when being expressly definite, the form of hash function is also determined, under the condition of known-plaintext, hash function determines, hash function is by expressly determining in some way.
We suppose that random hash function is D=H (m), and H is random, and m is the variable input of function, use for reference the feature of traditional deterministic hash function, in adopting the hash function of random function, expressly except determining the concrete form h of hash function
i(m) outside, also as D=h
i(m) the input m of algorithm.Determining so the plaintext part of hash function concrete form and can be correlated with as the part of parameter m input hash function, can be also independently, such as getting a part expressly, determines h
i(m), get an other part expressly as m.If two parts are independently, cryptanalysis person is easily defeated in detail, and such as first determining function, is finding suitable m; On the contrary, if two parts are associated, adopt said method invalid, because first determine after function, then find in the process of suitable m, the conversion of m also can cause the variation of function, cannot meet simultaneously.Therefore, both are just safer in associated situation, and need in the present invention their relation to design very complicatedly, make to be difficult to crack.In particular, when being exactly design, bit number how as far as possible expressly all need to be participated in to determining function form and m simultaneously, so by expressly whole in determining that both are the most suitable, the form of considering existing hash function all needs to fill, so the plaintext after filling being processed in the present invention is whole in determining hash functional form and m.
Be similar to the analysis above us, in the time of cryptanalysis, the relation of the different piece data of hash function is more independent, more easily defeats in detail; If relevance is fine, when attempting to defeat in detail, just there will be this to break up, that is ungratified situation again.Therefore, in the time of design, need to allow the association of data height, diffusion widely, in order to allow these diffusion and associated not reveal information, need again highly, avalanche effect fast.The avalanche effect here refers to the class effect in cryptography, rather than in economics.A kind of unsettled equilibrium state of avalanche effect is also a kind of feature of cryptographic algorithm, a small amount of variation that it indicates literary composition or key can cause the great changes of ciphertext, the conversion of 1bit expressly causes the change of half bit of ciphertext, and the conversion of the 1bit of same key causes the change of half bit of ciphertext.For Hash function, avalanche effect refers to that the variation of a small amount of message digit can cause that many positions of hash value change.From above angle, consider technical cryptanalysis, hash value length is longer, also can design safelyr, because will forge simultaneously, to meet the message of longer hash value more difficult.
In view of MD5, SHA-1 are cracked by Wang little Yun, and these hash functions all exist single bit bit arithmetic more, lack the operation as many bit of S box and so on, therefore, and the computing that the hash of safety should adopt S box and similar many bit to obscure.
For the structure of hash function, there is the conventional method of two classes: the method that the first kind is the most frequently used is to adopt compression function to carry out repeatedly packed compressed to data; Equations of The Second Kind is some mode producing hash value of using block cipher.Other certain methods, comprises and utilizes public key algorithm, does not obtain broad research and application.The present invention adopts the method for the first kind, adopts compression function.
Concrete hash function construction method is:
The first step, determines the message block length L that compression function is processed each time.
Second step, the mode of design filling and additional length information, message is filled, because hash need to have definite result, so, the mode of filling be fixed, for a message, can only there is only filling mode, for filling, should be able to be easy to determine the region of filling, owing to filling length itself, be uncertain, so, can adopt following two kinds of modes: the first, if message-length is not nL-f, fill 0 for first, all bit fill 1 subsequently, or contrary, adopt in this way, except message-length is just the situation of nL-f form, be easy to determine filling content, the length of filling is also determined, fill it into nL-f, if length is nL-f, do not fill, n is the smallest positive integral that meets this condition, f is a fixing value, be less than L, f remains for additional messages length in advance, its length is no more than 2 can meet the length of most message and file
f, simultaneously also not too long is standard, the second, if message-length is not nL-f, adopts above-mentioned filling mode, if message-length is nL-f form, fill in the back the message of a L length, the length after filling is (n+1) L-f, be still first and fill 0, all bit fill 1 subsequently, or contrary.According to the rule of the length of message and filling, can determine the length of filling, both should equate, can carry out verification like this, are provided with obstacle also to forgery and decoding.The mode of additional messages length is: when the binary value of the length of message surpasses f, get the f bit at end, when length is during not as good as f, additional, fill 0 above, finally through filling and additional after message become the multiple of block length L.Owing to there being two kinds of data storage methods, LITTLE-ENDIAN and BIG-ENDIAN, should choose the most suitable a kind of length that represents the message before filling according to Machine Type.
The 3rd step, the length of setting hash value, considers the attack of rainbow table and so on, unless needed especially convenient, not too needs safe occasion, length value n should be greater than 160bit.
The 4th step, determines that the initial value of hash, this (these) value determine, total length is n.The storage mode of selecting data, generally should be identical with the storage mode of message-length.
The 5th step, designs random compression function H, and compression function is the most critical part of hash function, and its input is the initial value of previous hash value or hash, hash value or final hash value in the middle of being output as.The present invention, as said discussion above, in order to reach good diffusion and chaotic effect, should adopt S box or similar many bits to replace parts.The principle of design of S box is the same with the S box design in symmetric cryptography, such as speed is fast, preferably can represent with computing (rather than tabling look-up), has reasonable avalanche effect, diffusion effect, difference uniformity, but without requiring reversibility.The S box of some Open Standard algorithms all has good effect with test by analysis, can preferentially directly use, and without consideration whether reversible (because hash functional value is just for checking, without deciphering).Random contractive function structure can consider to use for reference the building method of existing symmetric cryptography and hash function.Unique distinction is, some parts can adopt random function, such as random S box can have the figure place of a plurality of S boxes, ring shift, can be random, the computing of bit select at random XOR, with and or etc.Other various computings can adopt random function.Unless need to reach special complementation, the effect that liquidates, the randomness of all random function parts should be all to add up independently.Be that the concrete functional form selection of doing between any two or more random function parts is all incoherent.Each concrete functional form of random function generally should have relative equivalence, and can coordinate and reach good security with other parts.Alternatively, an in the end grouping is used after compression function, data to final compression are further compressed, and general is like this for very long when the Design of length of middle hash value being obtained in order to improve security, and the oversize inconvenient occasion of final hash value.
The 6th step, determines random function really delimit the organizational structure structure and the form of yard A, although itself be random according to compression function function, under concrete plaintext (message), function should be determined.The present invention determines the concrete form of this function by determining coding A.Independently the coding of random function parts adopts independent bit position, if some random function parts are correlated with, coding can combine.Random function parts correspondence really delimit the organizational structure code bit bit length be not less than log
2e, e is the number of the concrete form of these random function parts.According to the random number of components of random contractive function and corresponding number of elements thereof, there is relation.Get the required minimum number of bits of each random parts, i.e. log
2e(is integer if) or log
2e rounds and adds 1, if consider to read and convenient storage, also can get the figure place of minimum 8 multiple.Can obtain like this determining the form of the coding of random function, such as how many bit or byte are above to determine which random parts, the information of following how much length is to determine what random parts, so analogizes.Can determine the length of A like this.
The 7th step, really the delimit the organizational structure method of yard A of designing and calculating random function.Determining of random function determined by current group or first grouping.This can think to design a function f, and A=f(am), the am here represents corresponding message grouping.If design safelyr, f can also be changed into random function F, but this can sacrifice efficiency.Note, the final intercepting of A of calculating value out may have redundancy, and this can carry out delivery processing, such as, certain random function parts has 5 kinds of concrete forms, adopt 3bit to encode, they can be encoded respectively to 0,1,2,3,4,3bit is converted to after the decimal system to delivery 5.Certainly be generally preferably designed as and comprise 2
wplant concrete functional form better.
Below the computing method of the hash functional value of single grouping: according to different situations, there are two kinds of methods to determine random function, the first, be to determine random function according to first grouping, continue to use this random function later always; The second, according to current group, determine random function.First according to two kinds of situations, select respectively to input first grouping or current plaintext (message) grouping am, pass through A=f(am) calculate A, according to the data structure of A, carry out certain stage extraction, delivery processing, the coding obtaining can be determined the concrete functional form of all random function parts, like this concrete form h of hash function H
ijust determined hash value d
i=h
i(am, d
i-1).
The process of whole message generation hash value: message is filled, additional length information, then the method for Reusability epimere, using initial hash value or previous hash value as input, to each grouping, utilize random contractive function to produce one by one hash value, progressively compress each grouping until finish.
Security advantages of the present invention has: with respect to existing algorithm, be only one, the variation of input variable, its function of hash function based on random function also changes, and this variation causes the variation of the intermediate result of hash in calculating and final hash value fiercer and be difficult to analysis; Two, algorithm is determined for encrypting and decrypting both sides, but uncertain for analyst.Existing disclosed cryptanalysis method is all for definite algorithm, and function of the present invention itself is uncertain, makes cryptanalysis be difficult to set about.
Although the present invention has very large advantage from the angle of Technical analysis, but, for some, very simply attack, it is invalid such as tabling look-up, attacking, such as some present hash functions have been made into rainbow table by some hackers, one or more plaintext that all hash values is corresponding is all kept in a table, and carries out retrieval ordering, and hacker only need to search and can find collision or original plaintext like this.Therefore, the present invention still needs to improve the length of hash value, and utilizes multiple random function also more easily to increase the length of hash value.Unless be starved of the occasion of convenience at some, very long hash value is used in unpractical situation, just can use the isometric hash value of existing hash function.
Decoding for this class hash function, which concrete function what cryptanalysis person need to determine on the one hand that random function adopts in concrete hash value situation is, also to determine the input of hash on the one hand, the former is very difficult, in addition the two itself is again associated, meet more difficult simultaneously.
Accompanying drawing explanation
Fig. 1 is embodiments of the invention iteration schematic diagram.
Fig. 2 is random function structure process flow diagram of the present invention.
Embodiment
Be below the embodiment of a random hash construction of function, describe for convenience and simplicity, adopt more brief algorithm, and use for reference existing algorithm.
Below according to a random hash function of step structure:
The first step, determines the block length 512bit processing.
Second step, the mode of design filling and additional length information, fills message, fill 1 for first, thereafter position is all 0, fills it into 512n-64, if just for the form of 512n-64, fill 512bit, be equally first and fill 1, thereafter position is all that 0, n is the smallest positive integral that meets this condition, and 64bit remains for additional messages length in advance, because the scale-of-two of the length of most message is generally can not surpass 64 in reality, length is no more than 2
64.When the binary value of the length of message surpasses 64, the length of message is longer than 2
64time, get the 64bit at end, when length is not as good as 64 time, additional, fill 0 to full 64 above, finally through filling and additional after message become the multiple of block length 512.Message-length adopts the storage mode of BIG-ENDIAN.
The 3rd step, the length of setting hash value, is 160bit in order conveniently to get length value n here.
The 4th step, determines the initial value of hash, or initializaing variable, and this (these) value determines, total length is 160bit.Middle hash result and final hash value are stored in to buffer zone, and buffer zone is divided into the register of 5 32bit, is called A, B, C, D, E, initial value is A=0x01234567, B=0xAB89EFCD, C=0xDCFE98BA, D=0x10325476, E=0xC3D2E1F0.Register adopts the storage mode of BIG-ENDIAN.
The 5th step, designs random compression function H.In order to strengthen security, select S box as a safety component here.S box is safety greatly, but can cause the increase of calculated amount and storage, and S box is little dangerous, for software, realizes, and the byte of generally take will facilitate computing as unit, so choose 8bit, byte is as the input and output size of S box.Finite field gf (2
8) on multiplication inverse mapping there is good nonlinearity, difference uniformity and number of times, but due to the too simple and easy attack that suffers interpolation and so on of algebraic expression, it can be combined with an Affine arithmetic.This algorithm as random function parts, is got two S boxes by S box at random, and they all adopt inverse mapping and Affine arithmetic combination, and their difference is that the mapping relations of Affine arithmetic are different.Specifically be transformed to: 1) 8bit is transformed to GF(2
8) on multiplicative inverse, extraly, Binary Zero 0000000 is mapped as 00000000,2) to the result of inverse operation above, adopt affined transformation as follows, owing to being the random function with two kinds of concrete forms, so there are two random scale-of-two affined transformations of selecting:
Above S box is for replacing the message grouping am of 512bit, after being about to this message grouping and replacing according to random S box, and half figure place of 512bit integral left ring shift S box length then, 4bit, obtains Y
q, then to Y
qall carry out 4 and take turns processing, each is taken turns and is comprised of 20 step iteration.4 to take turns processing procedure structure the same, but basic random function used is different, is expressed as F
1, F
2, F
3, F
4.The S box dividing into groups when the message of pre-treatment replaces every being input as of taking turns and the result Y of ring shift
qwith the currency A of buffer zone, B, C, D, E, output is still placed on buffer zone to substitute A, B, and C, D, the old value of E, every each iterative process of taking turns is as shown in accompanying drawing one, and F is random function, is input as B, C, D, K
tfor addition constant, 0≤t≤79 wherein, t represents the step number of iteration.When 0≤t≤19, K
t=0x51827919; When 20≤t≤39, K
t=0x64D9EBA1; When 40≤t≤59, K
t=0x211BBC3C; When 60≤t≤79, K
t=0x6A62C1D; <<<
nrepresent bit loopy moving n position left.N because of operation different.Tian represents modulo 2
32under addition.Word W
ty
qobtain W
tbe that 32bit is long, front 16 words are (from W
0arrive successively W
15) directly get Y
q16 32bit successively, remaining word is (from W
16arrive successively W
79), W
tto be calculated by multiple random function, W
t=<<<
i[(W
t-16oPERATOR
1w
t-14) OPERATOR
2(W
t-8oPERATOR
1w
t-3)], <<<
irepresent left ring shift I position, wherein I is stochastic variable, be 10 and 18, OPERATOR be random operational symbol, OPERATOR
1concrete form be to ask inverse, OPERATOR after XOR, XOR
2concrete form be and, exclusive disjunction on the concrete form of random function, relatively to there is like this complementarity.Random function F is defined as follows table:
Table one random function F definition list
Notice, here F
2and F
4although possible concrete form is identical, they are independently to choose separately one of two concrete functions, belong to different functions.In order to simplify, the randomness of this example is still few, in specific design, can consider more randomness.
The 6th step, determine random function really delimit the organizational structure code structure.We investigate the randomness of function one by one, add that these randomnesss are independently, so can be corresponding with bit independently: the 1) function that replaces at random, random S box has two kinds of concrete forms, needs 1bit.2) random function F
1, F
2, F
3, F
4there are respectively two kinds of concrete forms, need separately 1bit, altogether 4bit.3) W
tfor multiple random function, OPERATOR
1, OPERATOR
2with I are all random factors, have two kinds of forms, need 3bit.Therefore, A needs 8bit coding, and wherein 1bit determines S box, and 0 represents first S box, and 1 represents second, and 2-5bit determines respectively random function, 0 and 1 respectively in representative table according to the concrete functional form of sequencing, 6-8bit determines W
tsolved function.
The 7th step, really the delimit the organizational structure method of yard A of designing and calculating random function.In the time of concrete structure, can adopt two kinds of methods: the first, natural form, each grouping can decide according to the message of grouping the random function of current group; The second, in order to reduce calculated amount, memory space and complexity, the random function is here definite in first grouping, and this function is continued to use in grouping subsequently always.The method of calculating A is: message am is carried out to first S box replacement above, then the 512bit message obtaining is divided into two 256bit groupings, carry out respectively left ring shift, the grouping displacement 4bit on the left side, the grouping displacement 6bit on the right, numeral after two parts displacement is carried out to XOR, obtain 256bit grouping.Then proceed the replacement of identical S box, grouping, and two parts are carried out to left ring shift 4bit and 6bit, XOR then, the circulations of the many wheels of result obtain the result of 8bit, as A, for determining the concrete form of function.So just can produce data summarization with the hash function of design.It will be very difficult that cryptanalysis person wants to decode.Even if cryptanalysis person has known former message, want to forge an identical message, say that in principle he can know the concrete form of hash function in this case, but the plaintext that he forges not only will draw the identical yard A that really delimits the organizational structure by computing method, to obtain identical hash value simultaneously, obviously be also very difficult, in the situation that not knowing expressly, he had not both known algorithm, do not know again message, the message of forging also needs to meet dual condition simultaneously, has greatly increased the difficulty of decoding.
Claims (5)
1. an one-way Hash function building method, it is characterized in that determining that from existing employing the hash function of function is different, adopt random, uncertain random function to construct hash function, alleged random function F (m) has a plurality of different concrete functional form { f here
1(m), f
2(m), f
3(m) ..., f
k(m) }, the difference of it and existing hash function is, when plaintext m is uncertain, random Harsh function F is uncertain, and when input is expressly determined, hash function is definite function f
i, there are mapping relations in the concrete form f of m and hash function expressly, has a function S (m), makes to determine the coding A=S (m) of functional form, by A, determines i, and m determines the concrete functional form f of hash function
i, making the hash function of structure is uncertain for the code breaker who holds cryptographic hash, in order to increase the number k of the concrete form of random function on the basis in less constructed fuction workload, adopt a plurality of random function parts to construct random hash function, the building method of random parts has a plurality of functions of good security as the multiple concrete form fd of a random function parts FD for selecting
1, fd
2, fd
3..., fd
k, the constitution step of random hash function is: the first step, determine the message block length L that compression function is processed each time, second step, the mode of design filling and additional length information, message is filled, for a message, can only there is only filling mode, adopt one of following two kinds of modes: the first, if message-length is not nL-f, fill 0 for first, all bit fill 1 subsequently, or contrary, adopt in this way, except message-length is just the situation of nL-f form, be easy to determine filling content, the length of filling is also determined, fill it into nL-f, if length is nL-f, do not fill, n meets the smallest positive integral that message-length is less than or equal to this condition of nL-f, f is a fixing value, be less than L, f remains for additional messages length in advance, its length is no more than 2 can meet the length of most message and file
f, the second, if message-length is not nL-f, adopt above-mentioned filling mode, if message-length is nL-f form, fill in the back the message of a L length, the length after filling is (n+1) L-f, be still first and fill 0, all bit fill 1 subsequently, or contrary, according to the rule of the length of message and filling, can determine the length of filling, the filling length definite according to the rule of the length of message and filling equates, can carry out verification like this, be provided with obstacle also to forgery and decoding, the mode of additional messages length is: when the binary value of the length of message surpasses f, get the f bit at end, when length is during not as good as f, additional, fill 0 above, finally the message after filling and adding becomes the multiple of block length L, the 3rd step, the length of setting hash value, length value N is greater than 160bit, the 4th step, determines that the initial value of hash, initial value determine, total length is N, selects the storage mode of data, should be identical with the storage mode of message-length, the 5th step, random function H is as compression function in design, and its input is the initial value of previous hash value or hash, and hash value or final hash value in the middle of being output as adopt some random function parts to construct as the random function of compression function, the 6th step, determines random function really delimit the organizational structure structure and the form of yard A, and really the delimit the organizational structure bit bit length of code of random function parts correspondence is not less than log
2e, e is the number of the concrete form of these random function parts, can obtain like this form of the coding of definite random function, determines the length of A, the 7th step, really the delimit the organizational structure method of yard A of designing and calculating random function, by designing a function S, makes A=S(m).
2. one-way Hash function building method as claimed in claim 1, is characterized by: determine that coding A is only determined by a message grouping am of plaintext m, am chooses first message grouping or current group.
3. one-way Hash function building method as claimed in claim 2, the concrete form that it is characterized by random function is to have complementary function.
4. one-way Hash function building method as claimed in claim 2, is characterized in that random function one of is adopted in two ways to determine: the first, and the message of first grouping is determined the concrete form of random contractive function, continues to use this concrete function later always; The second, the message of each grouping is determined the concrete form of the random contractive function that current group is used.
5. one-way Hash function building method as claimed in claim 4, is characterized in that each concrete form f of function
iin all include the process that adopts S box to replace.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210013532.XA CN102542070B (en) | 2012-01-17 | 2012-01-17 | Method for structuring one-way Hash function based on random function |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210013532.XA CN102542070B (en) | 2012-01-17 | 2012-01-17 | Method for structuring one-way Hash function based on random function |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102542070A CN102542070A (en) | 2012-07-04 |
| CN102542070B true CN102542070B (en) | 2014-10-15 |
Family
ID=46348949
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210013532.XA Active CN102542070B (en) | 2012-01-17 | 2012-01-17 | Method for structuring one-way Hash function based on random function |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102542070B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102013208836A1 (en) * | 2013-05-14 | 2014-11-20 | Robert Bosch Gmbh | Method and apparatus for generating a hash value |
| CN105281911B (en) * | 2015-08-04 | 2018-09-25 | 电子科技大学 | By the hash function method of random length character string maps to fixed size matrix |
| CN108768656B (en) * | 2018-04-17 | 2021-04-06 | 无锡科技职业学院 | Data verification method based on Hash algorithm |
| CN109194467A (en) * | 2018-06-29 | 2019-01-11 | 北京东方英卡数字信息技术有限公司 | A kind of safe transmission method and system of encryption data |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101594228A (en) * | 2009-07-02 | 2009-12-02 | 西安电子科技大学 | Authentication encryption method between certificate public key cryptosyst and the identity public key system |
| CN101626364A (en) * | 2008-07-08 | 2010-01-13 | 赵运磊 | Method for authentication for resisting secrete data disclosure and key exchange based on passwords |
| CN101834724A (en) * | 2010-04-27 | 2010-09-15 | 武汉大学 | Authenticated encryption method of public key and digital signature method |
-
2012
- 2012-01-17 CN CN201210013532.XA patent/CN102542070B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101626364A (en) * | 2008-07-08 | 2010-01-13 | 赵运磊 | Method for authentication for resisting secrete data disclosure and key exchange based on passwords |
| CN101594228A (en) * | 2009-07-02 | 2009-12-02 | 西安电子科技大学 | Authentication encryption method between certificate public key cryptosyst and the identity public key system |
| CN101834724A (en) * | 2010-04-27 | 2010-09-15 | 武汉大学 | Authenticated encryption method of public key and digital signature method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102542070A (en) | 2012-07-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10009171B2 (en) | Construction and uses of variable-input-length tweakable ciphers | |
| CN102404111B (en) | A kind of sectional encryption method adopting uncertain AES | |
| US8345861B2 (en) | Sharing a secret using polynomial division over GF(Q) | |
| CN107276744B (en) | File storage encryption method and system | |
| EP3371928B1 (en) | Key sequence generation for cryptographic operations | |
| WO2014136386A1 (en) | Tag generation device, tag generation method, and tag generation program | |
| CN114640454B (en) | Cryptographic system of post quantum cryptography crystal Kyber protocol | |
| CN102542070B (en) | Method for structuring one-way Hash function based on random function | |
| JP2008513811A (en) | Calculation conversion method and system | |
| Walia et al. | Implementation of new modified MD5-512 bit algorithm for cryptography | |
| CN110543778A (en) | linear random encryption and decryption algorithm for character data | |
| CN112152784A (en) | Parallel processing techniques for hash-based signature algorithms | |
| Tiwari | Cryptography in blockchain | |
| CN102752285A (en) | Pre-authentification computer system login method based on high collision probability hash function | |
| CN102546159B (en) | Random one-way hash function construction method capable of preventing table check-up attack | |
| CN106165340A (en) | encryption method, program and system | |
| CN114629665B (en) | Hardware platform for trusted computing | |
| Mukesh et al. | Enhancing AES algorithm with arithmetic coding | |
| CN102638344A (en) | Method for constructing reinforced hash function based on compression function | |
| CN106301764B (en) | Message summarization method and system based on path hashing | |
| Abutaha et al. | New one way hash algorithm using non-invertible matrix | |
| Dunkelman et al. | Generalizing the herding attack to concatenated hashing schemes | |
| Rastaghi | An efficient CCA2-secure variant of the McEliece cryptosystem in the standard model | |
| Sumathi et al. | Study of Data Security Algorithms using Verilog HDL. | |
| JP5207153B2 (en) | Pseudo random number generation system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY Free format text: FORMER OWNER: WANG YONG Effective date: 20140213 |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20140213 Address after: Guilin City, the Guangxi Zhuang Autonomous Region Jinji road 541004 No. 1 Applicant after: Guilin University of Electronic Technology Address before: 541004 School of computer science and engineering, Guilin University of Electronic Technology, 1 Jinji Road, Guilin, the Guangxi Zhuang Autonomous Region, Guilin Applicant before: Wang Yong |
|
| TA01 | Transfer of patent application right | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210610 Address after: 541004 No. 123, Liuhe Road, Guilin, the Guangxi Zhuang Autonomous Region Patentee after: Guilin Biqi Information Technology Co.,Ltd. Address before: 541004 1 Jinji Road, Guilin, the Guangxi Zhuang Autonomous Region Patentee before: GUILIN University OF ELECTRONIC TECHNOLOGY |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220921 Address after: Room 508, No. 42, Guangzhou Road, Zhongxing Street, Development Zone, Nantong City, Jiangsu Province, 226000 Patentee after: Nantong Jiatianxia Technology Co.,Ltd. Address before: 541004 No. 123, Liuhe Road, Guilin, the Guangxi Zhuang Autonomous Region Patentee before: Guilin Biqi Information Technology Co.,Ltd. |