
Security Analysis and Design of the Hash Functions

【Author】 Wei Yuechuan (魏悦川)

【Advisor】 Li Chao (李超)

【Author information】 National University of Defense Technology, Mathematics, 2007, Master's

【Abstract】 Hash functions are an important branch of modern cryptology and are widely used in digital signature schemes, message authentication and integrity checking. In recent years, breakthroughs have been made in the cryptanalysis of hash functions, and designing, analysing and evaluating hash functions has become a hot topic in cryptology.

The design of a hash function has two main aspects: the iterated structure and the compression function. This thesis reviews the basic design principles and common attack methods of hash functions, and describes the most classical iterated structure, the Merkle-Damgård structure, together with its limitations and weaknesses. On this basis, it studies attacks on variants of three typical hash functions and discusses the relationship between modular (addition) differences and XOR differences. The main results are as follows:

The Chabaud-Joux attack, which is based on finding a corrective pattern for the register differences, is one of the most successful attacks on the SHA family of hash functions. We present three variant forms of the SHA-256 compression function, analyse the resistance of these variants to the Chabaud-Joux attack, and compare the results with those for SHA-256 itself, in order to assess the strengths and weaknesses of the choices made in the SHA-256 compression function. It follows that the selection of the compression function's structure highly affects the complexity of the attack. Furthermore, a local collision in the vulnerable variant is presented.

SMASH is a new hash function proposal. Based on the forward prediction property, the design of SMASH and the method of attacking it are described, and approaches to improving SMASH so that it resists this attack are discussed. The main ideas of the improvement are to destroy the forward prediction property and to increase the complexity of finding predictable differences.

Modular addition and XOR are two operations commonly used in the compression functions of hash functions; the corresponding differences are called the modular (addition) difference and the XOR difference, respectively. The thesis gives a necessary and sufficient condition for converting between modular differences and XOR differences, and an algorithm that, given an XOR difference, finds the integer pairs which preserve the modular difference. It also discusses the application of modular and XOR differences to the security analysis of hash functions. As an example, it gives a concrete method for finding a pseudo-collision in the message authentication code (MAC) function ASP.
