JISE


  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19]


Journal of Information Science and Engineering, Vol. 24 No. 5, pp. 1473-1484


Analysis of All-or-Nothing Hash Functions

Pin Lin1,3, Wenling Wu1, Chuankun Wu1 and Tian Qiu2,3
1The State Key Laboratory of Information Security 
Institute of Software 
Chinese Academy of Sciences 
2National Key Laboratory of Integrated Information System Technology 
3Graduate School of Chinese Academy of Sciences 
Beijing 100190, P.R. China 
E-mail: ping_linux@163.com 
E-mail: {wwl; ckwu}@is.iscas.ac.cn; qiutian@ios.cn

    The most popular method to construct hash functions is to iterate a compression function on the input message. This method is called Merkle-Damg?rd method. Most hash functions used in practice such as MD4, MD5, SHA-0, SHA-1 are based on this method. However this method is not always the best. For example, this method can not resist multi-collision attack. Recently some modifications of this method are proposed. These modified methods are based on Merkle-Damg?rd method and some improvements are made. A hash function based on All-or-Nothing property is one of these improvements. All-or-nothing property is an encryption mode for block ciphers. It has the property that one must decrypt all cipher blocks to determine any plain-text block. All-or- nothing hash function is a kind of hash function constructed with the all-or-nothing property. The authors of it claim that it is more secure than those common hash functions. In this paper, we will show that this is not true and there are still some flaws on this improved method.

Keywords: hash functions, compression functions, random oracle, all-or-nothing, block cipher

  Retrieve PDF document (JISE_200805_12.pdf)