摘要 |
The invention aims to provide a hash function whose safety can be evaluated. To achieve this, a message that is input to a message blocking unit 122 is split into multiple message blocks, and shuffled at a shuffling unit 126 using block ciphers per message block from a round key generated at a first round-key generation unit 124 or a second round-key generation unit 125 using a round constant generated at a round-constant generation unit 123. In calculation of the block cipher, particular split data among multiple split data obtained by splitting the blocks are transformed with an F function, and an exclusive disjunction of the transformed data with other particular data is calculated. Using the F function, a transformation including at least a nonlinear transformation is performed more than once.
|