| 摘要 |
A secure hash function according to the present invention uses a stretch function 202 and a compression function 202 to provide a secure hash value. A stretch function is a function which increases an input string (pre-image). In one version of the invention, a stretch function f maps l-bit inputs into 2m bit, where 2m>l. Preferably, the stretch function f is one-way. The stretch function randomizes the input string. The output of the stretch function is fed into a compression function c, which compresses the stretch function output from 2m bits to 2n bits, where m>n. The compression function is preferably a cryptographic primitive selected from a family of compression functions. In a preferred embodiment, a standard key scheduling algorithm of the cryptographic compression function (such as DES) is replaced and an output of the stretch function is used as the key. The inventors find that using a stretch function output as the compression function key improves the security of the compression function. Moreover, because the stretch function output randomizes the input string, the security constraints on the compression function are less stringent. As a result, an efficient, simple, and secure hash function is provided.
|
