Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19]


Journal of Information Science and Engineering, Vol. 24 No. 5, pp. 1473-1484 (September 2008)

Analysis of All-or-Nothing Hash Functions*

Pin Lin1,3, Wenling Wu1, Chuankun Wu1 and Tian Qiu2,3
1The State Key Laboratory of Information Security
Institute of Software
Chinese Academy of Sciences
2National Key Laboratory of Integrated Information System Technology
3Graduate School of Chinese Academy of Sciences
Beijing 100190, P.R. China
E-mail: {wwl; ckwu};

The most popular method to construct hash functions is to iterate a compression function on the input message. This method is called Merkle-Damg?rd method. Most hash functions used in practice such as MD4, MD5, SHA-0, SHA-1 are based on this method. However this method is not always the best. For example, this method can not resist multi-collision attack. Recently some modifications of this method are proposed. These modified methods are based on Merkle-Damg?rd method and some improvements are made. A hash function based on All-or-Nothing property is one of these improvements. All-or-nothing property is an encryption mode for block ciphers. It has the property that one must decrypt all cipher blocks to determine any plain-text block. All-or- nothing hash function is a kind of hash function constructed with the all-or-nothing property. The authors of it claim that it is more secure than those common hash functions. In this paper, we will show that this is not true and there are still some flaws on this improved method.

Keywords: hash functions, compression functions, random oracle, all-or-nothing, block cipher

Full Text () Retrieve PDF document (200809_12.pdf)

Received January 8, 2007; revised October 8, 2007; accepted November 12, 2007.
Communicated by Wen-Guey Tzeng.
*This work was supported by National Natural Science Foundation of China (grant No. 90604036), Major State Basic Research Development Program of China (973 Program, grant No. 2004CB318004) and National High-Tech Research and Development Program of China (863 Program, grant No. 2007AA01Z470).