CN101414904A - Hash function method with single-wheel time anti-collision - Google Patents

Abstract

The invention discloses a kind of hash function method, belong to field of information security technology with single-wheel time anti-collision.Described method comprises: with coupling mapping grid is model, the method that adopts floating-point operation and traditional bit operating to combine.The mode that the coupling mapping adopts local and whole coupling to combine, the state variable in the mapping are determined that by the chain variable parameter in the mapping is determined by input information and its extend information.Input information is expanded by non-linear ff (comprising cyclic shift, modulo addition and the operation of S box) operation.Introduce two whole coupling variables, whole coupling variable is the function of whole input informations and state variable.To the output variable delivery, make XOR with chain variable, the information of input; The real numberization as a result that will obtain again is as the input value continuation iteration of mapping.The present invention is with the inferior high complexity of single-wheel, and the calculation cost of less round ensures its fail safe.This method is of a tightly knit structure, and output hashed value length can change, and is easy to software and realizes, also can realize by embedded type CPU technology hardware.

Description

Hash function method with single-wheel time anti-collision

Technical field

The present invention relates to field of information security technology, or rather, design a kind of hash function method.

Background technology

Hash function also claims one-way hash function, is that a kind of message compression with random length is the function of eap-message digest (also claiming hashed value) with regular length.The function that satisfies this condition is a lot, but hash function also requires to satisfy following characteristic: (1) is easy to calculate its hashed value to given message; (2) given hashed value, calculating former message according to hash function is that calculating is gone up impossible; (3) given message and hashed value will find another different message, and it is impossible making them have identical hashed value; (4) to any given different messages, it is impossible making their hashed value identical.Can not be meant under the existing resources condition here is impossible in the calculating.

The application of hash function aspect information security is mainly reflected in the digital signature.Along with being extensive use of of information technology and network, the particularly fast development of e-commerce and e-government and universal, the application demand of digital signature is increasing.In digital signature, because the arithmetic speed of asymmetric arithmetic is slower,, again the information hashed value is carried out digital signature so in digital signature protocol, at first will utilize hash function to generate the information hashed value, can improve signature efficient widely like this.Hash function is except being used in digital signature, and " digital finger-print " of all right spanned file prevents the malicious sabotage to data.File is carried out hashed value calculate, and compare, just can find whether existing file is modified with original " fingerprint " that leave place of safety in.Hash function can also be used in the authentication protocol." authentication " can be interpreted as identifying authority.Whether the authentication square tube is crossed the comparison of Hash functional value, judge to being crossed authentication by the authentication square tube.

At present existing a lot of hash function algorithms, that wherein more famous is MD4, MD5, RIPEMD, HAVAL and SHA series.Calendar year 2001 and 2002 American National Standard technical research institute promulgation SHA-1, SHA-256, SHA-384 and SHA-512 are the hash function standard.Europe was at definite Whirlpool in 2003, and SHA-256, SHA-384 and SHA-512 are the hash function standard.Because MD4 and HAVAL algorithm are decoded in succession, especially in recent years, MD5 and SHA-1 hash function standard have successfully been decoded by the China Wang Xiaoyun of Shandong University professor group, this has caused vibrations in the world, make people's sight focus on hash function once more, analytical method and method for designing that the U.S. more organized international conference that hash function is discussed specially in 2006 make the hash function of design safety become a research focus.

Existing hash function is seldom introduced and is resolved floating-point arithmetic operation based on the bit algebraic manipulation.Reason one is that the former helps the hardware realization, the 2nd, be easy to realize collision to resolving computing with the parsing inverse operation.Under so flourishing at network in the environment that computer is popularized, software resource is to the utmost in practice be general and easy, if bit operating and parsing computing are combined, the hash function method that designs high efficiency and high security is very significant.Even implement also can use the embedded type CPU means to realize the system that parsing computing and bit algebraic manipulation combine to hardware.To resolving the security vulnerabilities of inverse operation, can be overcome by the method for resolving computing and bit operating combination.

Summary of the invention

Existing hash function is strengthened its fail safe with the calculating of many rounds mostly, but is usually covering the related weakness that some can calculate collision in the iteration of surface complexity between each round.The present invention will provide a kind of new safe, crash-resistant hash function method, and the fail safe of system is not that the complexity that relies on many rounds realizes, but relies on the inferior high-strength complex polygamy of single-wheel to realize.

Scheme of the present invention is: with coupling mapping grid is model, the method that adopts floating-point operation and traditional bit operating to combine.Utilize the bit algebraic manipulation to increase the difficulty of seeking collision by the parsing computing, utilize again and resolve obscuring and diffusion rate of nonlinear operation increase bit, to reach the purpose of the anti-crashworthiness of raising system.The mode that the coupling mapping adopts local and whole coupling to combine, the state variable in the mapping are determined that by the chain variable parameter in the mapping is determined by input information and its extend information.The single-wheel of system time computing just possesses the desired anti-impact strength of hash function, and the fail safe that this hash function is used has more been guaranteed in two round computings.

Realize the scheme of the object of the invention, its process feature is to comprise four steps: preliminary treatment, and calculation of parameter, coupling mapping grid Equation for Calculating and hashed value output:

A1) preliminary treatment.Preliminary treatment comprises definite initial chaining value (ICV), and information shaping and information transform.

A2) calculation of parameter.Calculation of parameter comprises that the init state variable of coupling mapping grid equation calculates and the real number conversion of information.

A3) coupling mapping grid Equation for Calculating.Adopt N lattice point coupling model, local is tied mutually with whole coupling

Close.

A4) hashed value output.The output valve of last group information of cascade is as the hashed value of function.

At A1) in, preliminary treatment is by definite initial chaining value (ICV), and information shaping and information transform three steps and form:

A1.1) defining constant.Determine N 32 bit initial chaining value (ICV) H ₁, H ₂..., H _N(method is seen embodiment B2), N are integer, and N can be taken as 4,6,8,12 or 16.

A1.2) the information shaping is that prime information is replenished the position by filling, and adds the original text length information, and making the shaping message length is the integral multiple process of block length.Every group of information fixed number of bits is 32N, and shaping the source language message length is the 32Nn bit, and n is an integer.

Described process by the source language message generation shaping information further comprises:

When the source language message length is not (32Nn-128) bit, behind original text, the level add one 1 and several 0.Wherein 128 fixedly are used for identifying original text length.

A1.3) every group of 32N Bit String turns to N 32 bit integer m ₁, m ₂..., m _N(arrange 32 Bit String i ₃₁i ₃₀... i ₁i ₀In, i ₃₁Be most significant bit, i ₀Be significant bits).

At A2) in, calculation of parameter comprises the calculating of init state variable, the expansion of information and the real number conversion of information of coupling mapping grid equation, concrete grammar is as follows:

A2.1) init state variable.There is N coupling mapping grid grid in system, and its N variable-definition is x ₁, x ₂..., x _N-1, x _N, each variable double precision real number representation.Integer H ₁, H ₂..., H _NAssignment is given z ₁, z ₂..., z _N, and be converted into the double precision real number, shine upon the initial state state variable of grid equation as coupling:

z _i＝H _i，i＝1，2，...，N

$x_i=\frac{z_i}{2^{32}},$ ?i＝1，2，...，N

A2.2) expansion of information.Is the 32N bit expanded of input the 64N bit, promptly N 32 bit integer m ₁, m ₂..., m _NExpand to 2N 32 bit integer.Extended mode is:

m _i+N＝ff(m _i)，i＝1，2，...，N

ff(m _i)＝g[R(m _i)]

＝g[(m _i>>>4)∧(m _i>>>8)∧(m _i>>>16)∧(m _i<<<8)]，i＝1，2，...，N

Ff is a nonlinear transformation.(x〉〉〉t) expression x cyclic shift t bit to the right wherein, (x＜＜＜t) expression x cyclic shift t bit left, ∧ is for pressing the bit XOR.

A2.3) information of input and expansion changes the double precision real number into:

$a_i=3.0+\frac{m_i}{2^{32}},$ ? $b_i=0.25+\frac{m_{i+N}}{2^{34}},$ ?i＝1，2，...，N

A2.2) the ff conversion in the expansion of related information comprises cyclic shift R and g conversion:

A2.2.1) cyclic shift R.32 bit informations are made 4 different cyclic shifts, and the result presses the bit XOR.

R(m _i)＝(m _i>>>4)∧(m _i>>>8)∧(m _i>>>16)∧(m _i<<<8)，i＝1，2，...，N

A2.2.2) the g conversion is 32 bit inputs, the nonlinear transformation (seeing Fig. 1 and table 1) of 32 bits output.At first 32 bits of input are divided into four byte A ₄‖ A ₃‖ A ₂‖ A ₁, each byte is 8 bits, wherein A ₄It is the higher bit position.Each byte is carried out the conversion of S box.The most last output S (A of 4 byte align of conversion ₄) ‖ S (A ₃) ‖ S (A ₂) ‖ S (A ₁).

A2.2.3) S box conversion.The conversion of S box is the inputs of 8 bits, the mapping transformation at random of 8 bits output.X in the table 1, y is respectively hexadecimal number, and x|y represents that 8 bit integer imported, x are high-order, and y is a low level.Value in the table 1 is the S (x|y) of corresponding output, and output valve is a hexadecimal representation.

At A3) be coupled to shine upon and adopt local and whole the coupling to combine in the grid Equation for Calculating.Adopt N lattice point coupling model,

Specific implementation has following step:

A3.1) the mapping equation structure is:

y ₁＝f ₁(a ₁，x ₁)+f ₂(b _N，k _N，x _N)+f ₁(a ₂，u)+f ₂(b ₃，k ₃，w)，

y ₂＝f ₁(a ₂，x ₂)+f ₂(b ₁，k ₁，x ₁)+f ₁(a ₃，u)+f ₂(b ₄，k ₄，w)，

y _i＝f ₁(a _i，x _i)+f ₂(b _i-1，k _i-1，x _i-1)+f ₁(a _i+1，u)+f ₂(b _i+2，k _i+2，w)，i＝3，4，...，N-2

y _N-1＝f ₁(a _N-1，x _N-1)+f ₂(b _N-2，k _N-2，x _N-2)+f ₁(a _N，u)+f ₂(b ₁，k ₁，w)，

y _N＝f ₁(a _N，x _N)+f ₂(b _N-1，k _N-1，x _N-1)+f ₁(a ₁，u)+f ₂(b ₂，k ₂，w)

f ₁And f ₂Be respectively secondary and once mapping, variable u, the real variable that w is coupled to form by N lattice point, equation is by variable u, and w realizes whole coupling.k ₁, k ₂..., k _NIt is the double precision constant (concrete numerical value and production method are seen B3) of input.

A3.2) state variable is carried out the H of delivery and input _i, information m _iMake XOR, variable is as new z _iOutput, and be converted into real number:

z _i＝y _i×2 ⁴⁸mod2 ³²

?i＝1，2，...，N.

$x_i=\frac{z_i}{2^{32}}$

Boundary condition satisfies m _N+i=m _i, H _N+i=H _i, i=1,2 ..., N.

A3.3) carry out A3.1 continuously) and A3.2) operation p time after, output variable z ₁, z ₂..., z _N-1, z _N

A3.4) upgrade the chain value.Output variable z ₁, z ₂..., z _N-1, z _NAs new H _iOutput, that is:

H _i＝z _i，i＝1，2，...，N

H _iInitial value as next group hash function calculates expressly carries out A1 to next group), A2) and calculating A3).

At A3.1) in, function f ₁, f ₂With whole coupling variable u, w specific implementation method is as follows:

A3.1.1) f ₁Mapping: f ₁(c, x)=cx (1-x).C is the parameter of mapping, at A2.3) in determine by information.

A3.1.2) f ₂Mapping: f ₂(c, k, x)=c (x+k).C is the parameter of mapping, at A2.3) in determine by information.K is a constant, and concrete numerical value and production method are seen embodiment B3.

A3.1.3) variable u is constructed by following formula:

$u_1=\underset{i=1}{\overset{N}{\mathrm{\&Sigma;}}}{f}_2(b_i,k_i,x_i),$

u ₂＝u ₁×2 ⁴⁸mod?2 ³²，

u ₃＝ff(u ₂)，

$u=\frac{u_3}{2^{32}},$

A3.1.4) variable w is constructed by following formula:

$w_1=\underset{i=1}{\overset{N}{\mathrm{\&Sigma;}}}{f}_1(a_i,x_i),$

w ₂＝w ₁×2 ⁴⁸mod?2 ³²，

w ₃＝ff(w ₂)，

$w=\frac{w_3}{2^{32}}$

At A4) in, hashed value when output, import all information repeating step A1), A2) and A3), until last group information.The H of last group information of cascade _i, i=1,2 ..., N is as last hashed value H ₁‖ H ₂‖ ... ‖ H _N-1. ‖ H _NOutput.

The present invention is based on the hash function method of coupling mapping grid pattern, on algorithm structure with famous MD4, MD5, RIPEMD, SHA series, differences such as Whirlpool, adopt the fail safe of (p=2) computing assurance system of few round, and the fail safe of system can be operated with single-wheel and analyzes, analyze simple, good reliability.The hash function of the present invention's design is flexible, effectively.Under the condition that does not change project organization, only need requirement according to the output hashed value, can reach requirement by the number of selecting the coupling lattice point.N=4,6,8,12,16 corresponding respectively output 128,192,256,384 and 512 bit hash value.When the output hashed value increased, computational efficiency did not descend, and this point is better than known most of hash function methods.The above method conveniently is applied to software and uses, and can be used for hardware environment under embedding CPU condition.

Description of drawings

Fig. 1 is a g conversion schematic diagram of the present invention.

Table 1 is a S box of the present invention mapping table at random.

Embodiment

B1) the present invention designs five kinds of hashed values 128,192,256,384 and 512 bits altogether, according to the hashed value requirement, selects the number of coupling lattice point.Concrete enforcement parameter is as follows:

B1.1) coupling lattice point number N=4, iteration round p=2 exports 128 bit hash value.

B1.2) coupling lattice point number N=6, iteration round p=2 exports 192 bit hash value.

B1.3) coupling lattice point number N=8, iteration round p=2 exports 256 bit hash value.

B1.4) coupling lattice point number N=12, iteration round p=2 exports 384 bit hash value.

B1.5) coupling lattice point number N=16, iteration round p=2 exports 512 bit hash value.

B2) the present invention needs definite initial condition value H when realizing ₁, H ₂..., H _NTo the hashed value output of different bits, H ₁, H ₂..., H _NThe value implementation method is as follows:

Work as N=4,6,12,16 o'clock, $H_i=\mathrm{int}[\ln (1+\sqrt{\frac{i}{N+1}}\&times;1.718)\&times;2^{32}],$ i＝1，2，...，N。

When N=8, $H_i=\mathrm{int}[\ln (1+\sqrt{\frac{i}{N+3}}\&times;1.718)\&times;2^{32}],$ i＝1，2，...，N。Int represents the fractions omitted part, only keeps integer part.

According to the method described above, H ₁, H ₂..., H _NValue following (with hexadecimal representation):

B2.1) coupling lattice point number N=4, four initial value value H ₁=91ED38AA, H ₂=BC4AC89D, H ₃=D8A01D1A, H ₄=EE4B30CB.

B2.2) coupling lattice point number N=6, six initial value value H ₁=8018B519, H ₂=A6C50F56, H ₃=C0EDC832, H ₄=D514141C, H ₅=E59AD573, H ₆=F3ADFDEE.

B2.3) coupling lattice point number N=8, eight initial value value H ₁=6ADA291D, H ₂=8CB280AB, H ₃=A3EFC179, H ₄=B6030647, H ₅=C4F176FB, H ₆=D1BB3843, H ₇=DCF3E6BF, H ₈=E6F91BB7.

B2.4) coupling lattice point number N=12,12 initial value value H ₁=63C1258E, H ₂=83DF84C4, H ₃=9A0BEFB1, H ₄=AB5AC599, H ₅=B9B0AE14, H ₆=C5FE6CFD, H ₇=D0CF18EC, H ₈=DA7B1242.H ₉＝E33E5756，H ₁₀＝EB43ABBF，H ₁₁＝F2AAB63B，H ₁₂＝F98B9A28。

B2.5) coupling lattice point number N=16,16 initial value value H ₁=592B1196, H ₂=76992425, H ₃=8B16AC27, H ₄=9B2C65DA, H ₅=A88D7C2D, H ₆=B4131777, H ₇=BE3B2292, H ₈=C755E0A4.H ₉＝CF99F4BD，H ₁₀＝D72E69A4，H ₁₁＝DE303559，H ₁₂＝E4B57966，H ₁₃＝EACF8964，H ₁₄＝F08C3CA7，H ₁₅＝F5F6D254，H ₁₆＝FB18903E。

B3) the present invention needs definite constant value k when realizing ₁, k ₂..., k _NInput.To the hashed value output of different bits, k ₁, k ₂..., k _NThe value implementation method is as follows:

Work as N=4,6,12,16 o'clock, $k_i=\cos \left(\frac{i}{N+1}\right),$ ?i＝1，2，...，N。

When N=8, $k_i=\cos \left(\frac{i}{N+3}\right),$ i＝1，2，...，N。

According to the method described above, k ₁, k ₂..., k _NValue is as follows:

B3.1) coupling lattice point number N=4, four constant value k ₁=0.9801, k ₂=0.9211, k ₃=0.8253, k ₄=0.6967.

B3.2) coupling lattice point number N=6, six constant value k ₁=0.9898, k ₂=0.9595, k ₃=0.9096, k ₄=0.8411, k ₅=0.7556, k ₆=0.6546.

B3.3) coupling lattice point number N=8, eight constant value k ₁=0.9959, k ₂=0.9835, k ₃=0.9630, k ₄=0.9346, k ₅=0.8985, k ₆=0.8549, k ₇=0.8043, k ₈=0.7470.

B3.4) coupling lattice point number N=12,12 constant value k ₁=0.9970, k ₂=0.9882, k ₃=0.9735, k ₄=0.9530, k ₅=0.9269, k ₆=0.8954, k ₇=0.8585, k ₈=0.8166, k ₉=0.7698, k ₁₀=0.7184, k ₁₁=0.6629, k ₁₂=0.6034.

B3.5) coupling lattice point number N=16,16 constant value k ₁=0.9983, k ₂=0.9931, k ₃=0.9845, k ₄=0.9724, k ₅=0.9571, k ₆=0.9384, k ₇=0.9164, k ₈=0.8913, k ₉=0.8631, k ₁₀=0.8319, k ₁₁=0.7979, k ₁₂=0.7610, k ₁₃=0.7216, k ₁₄=0.6796, k ₁₅=0.6353, k ₁₆=0.5888.

B4) the present invention utilizes software programming to implement.Programming in implementing all real numbers adopt the double-precision floating point computings to realize that numerical value rounds and all integers are defined as 32 bit length integers, S box (input of 8 bits and the output of 8 bits) 1 is realized by tabling look-up.

B5) the g conversion for example.X is respectively 0 and 075BCD15 (hexadecimal representation), calculates g (x) value.

0 is divided into four bytes, A ₄=0, A ₃=0, A ₂=0, A ₁=0.S (A tables look-up ₄)=B5, S (A ₃)=B5, S (A ₂)=B5, S (A ₁)=B5.g(0)＝B5B5B5B5。

075BCD15 is divided into four bytes, A ₄=07, A ₃=5B, A ₂=CD, A ₁=15.S (A tables look-up ₄)=08, S (A ₃)=B8, S (A ₂)=C6, S (A ₁)=A3.

g(075BCD15)＝08B8C6A3。

Table .1

Claims (10)

1. one kind is model with coupling mapping grid, the hash function method that adopts floating-point operation and traditional bit operating to combine, local and the whole mode that is coupled and combines are adopted in the mapping that it is characterized in that being coupled, state variable in the mapping is determined that by the chain variable parameter in the mapping is determined by input information and its extend information.Input information is expanded by nonlinear operation.Introduce two whole coupling variables, whole coupling variable is the function of whole input informations and state variable.To the output variable delivery, make XOR with chain variable, the information of input then; The real numberization as a result that will obtain again is as the input value continuation iteration of mapping.Described method comprises following treatment step:

A1) preliminary treatment.Preliminary treatment comprises definite initial chaining value (ICV), and information shaping and information transform.

A2) calculation of parameter.Calculation of parameter comprises that the init state variable of coupling mapping grid equation calculates and the real number conversion of information.

A3) coupling mapping grid Equation for Calculating.Adopt N lattice point coupling model, local and whole coupling combine.

A4) hashed value output.The output valve of last group information of cascade is as the hashed value of function.

2. hash function method according to claim 1 is characterized in that hashed value can select.Coupling grid number is got N=4, the hashed value function of 6,8,12,16 corresponding respectively output 128,192,256,384 and 512 bits.

3. preliminary treatment according to claim 1 is characterized in that by definite initial chaining value (ICV), and information shaping and information transform three steps to be formed, specific as follows:

A1.1) defining constant.Determine N 32 bit initial chaining value (ICV) H ₁, H ₂..., H _N

A1.2) the information shaping is that prime information is replenished the position by filling, and adds the original text length information, and making the shaping message length is the integral multiple of block length.Every group of information fixed number of bits is 32N, and shaping the source language message length is the 32Nn bit, and n is an integer.

Described process by the source language message generation shaping information further comprises:

When the source language message length is not (32Nn-128) bit, behind original text, the level add one 1 and several 0.Wherein 128 fixedly are used for identifying original text length.

A1.3) every group of 32N Bit String turns to N 32 bit integer m ₁, m ₂..., m _N(arrange 32 Bit String i ₃₁i ₃₀... i ₁i ₀In, i ₃₁Be most significant bit, i ₀Be significant bits).

4. calculation of parameter according to claim 1 is characterized in that being made of the calculating of init state variable, the expansion of information and the real number step of converting of information of coupling mapping grid equation, and is specific as follows:

A2.1) H ₁, H ₂..., H _NAssignment is given z ₁, z ₂..., z _N, and be converted into the double precision real number, shine upon the initial state state variable of grid equation as coupling:

z _i＝H _i，i＝1，2，...，N

$x_i=\frac{z_i}{2^{32}},i=\mathrm{1,2},...,N$

A2.2) the 32N bit (m of input ₁, m ₂..., m _N) expand to 64N (m ₁, m ₂..., m _2N) bit, extended mode is m _I+N=ff (m _i), i=1,2 ..., N.

A2.3) information of input and expansion turns to the double precision real number:

$a_i=3.0+\frac{m_i}{2^{32}},b_i=0.25+\frac{m_{i+N}}{2^{34}},i=\mathrm{1,2},...,N.$

5. extended mode according to claim 4 is characterized in that comprising cyclic shift R and g conversion, and is specific as follows:

A2.2.1) cyclic shift R.32 bit informations are made 4 different cyclic shifts, and the result presses the bit XOR.

R(m _i)＝(m _i>>>4)∧(m _i>>>8)∧(m _i>>>16)∧(m _i<<<8)，i＝1，2，...，N

A2.2.2) the g conversion is 32 bit inputs, the nonlinear transformation of 32 bits output.At first 32 bits of input are divided into four byte A ₄|| A ₃|| A ₂|| A ₁, each byte is 8 bits, wherein A ₄It is the higher bit position.Each byte is carried out the conversion of S box.The most last output S (A of 4 byte align of conversion ₄) || S (A ₃) || S (A ₂) || S (A ₁).

A2.2.3) conversion of S box is the inputs of 8 bits, the mapping transformation at random of 8 bits output.

6. coupling mapping grid Equation for Calculating according to claim 1 is characterized in that adopting local and whole coupling to combine, and specific implementation has following step:

A3.1) the mapping equation structure is:

y ₁＝f ₁(a ₁，x ₁)+f ₂(b _N，k _N，x _N)+f ₁(a ₂，u)+f ₂(b ₃，k ₃，w)，

y ₂＝f1(a ₂，x ₂)+f ₂(b ₁，k ₁，x ₁)+f ₁(a ₃，u)+f ₂(b ₄，k ₄，w)，

y _i＝f ₁(a _i，x _i)+f ₂(b _i-1，k _i-1，x _i-1)+f ₁(a _i+1，u)+f ₂(b _i+2，k _i+2，w)，i＝3，4，...，N-2

y _N-1＝f ₁(a _N-1，x _N-1)+f ₂(b _N-2，k _N-2，x _N-2)+f ₁(a _N，u)+f ₂(b ₁，k ₁，w)，

y _N＝f ₁(a _N，x _N)+f ₂(b _N-1，k _N-1，x _N-1)+f ₁(a ₁，u)+f ₂(b ₂，k ₂，w)

A3.2) state variable is carried out the H of delivery and input _i, information m _iMake XOR, variable is as new z _iOutput, and be converted into real number:

z _i＝y _i×2 ⁴⁸mod2 ³²

$x_i=\frac{z_i}{2^{32}}$

Boundary condition satisfies m _N+i=m _i, H _N+i=H _i, i=1,2 ..., N.

A3.3) carry out A3.1 continuously) and A3.2) operation p time after, output variable z ₁, z ₂..., z _N-1, z _N

A3.4) upgrade the chain value.Output variable z ₁, z ₂..., z _N-1, z _NAs new H _iOutput, that is:

H _i＝z _i，i＝1，2，...，N。

7. f according to claim 6 ₁, f ₂Function and whole coupling variable u, w is characterized in that as follows:

A3.1.1) f ₁Mapping: f ₁(c, x)=cx (1-x).C is the parameter of mapping, at A2.3) in determine by information.

A3.1.2) f ₂Mapping: f ₂(c, k, x)=c (x+k).C is the parameter of mapping, at A2.3) in determine by information.K is a constant.

A3.1.3) variable u is constructed by following formula:

$u_1=\underset{i=1}{\overset{N}{\mathrm{\&Sigma;}}}{f}_2(b_i,k_i,x_i),$

u ₂＝u ₁×2 ⁴⁸?mod?2 ³²，

u ₃＝ff(u ₂)，

$u=\frac{u_3}{2^{32}},$

A3.1.4) variable w is constructed by following formula:

$w_1=\underset{i=1}{\overset{N}{\mathrm{\&Sigma;}}}{f}_1(a_i,x_i),$

w ₂＝w ₁×2 ⁴⁸?mod?2 ³²，

w ₃＝ff(w ₂)，

$w=\frac{w_3}{2^{32}}.$

8. initial chaining value (ICV) according to claim 3 is characterized in that, described initial chaining value (ICV) is respectively:

B2.1) coupling lattice point number N=4, four initial value value H ₁=91ED38AA, H ₂=BC4AC89D, H ₃=D8A01D1A, H ₄=EE4B30CB.

B2.2) coupling lattice point number N=6, six initial value value H ₁=8018B519, H ₂=A6C50F56, H ₃=C0EDC832, H ₄=D514141C, H ₅=E59AD573, H ₆=F3ADFDEE.

B2.3) coupling lattice point number N=8, eight initial value value H ₁=6ADA291D, H ₂=8CB280AB, H ₃=A3EFC179, H ₄=B6030647, H ₅=C4F176FB, H ₆=D1BB3843, H ₇=DCF3E6BF, H ₈=E6F91BB7.

B2.4) coupling lattice point number N=12,12 initial value value H ₁=63C1258E, H ₂=83DF84C4, H ₃=9A0BEFB1, H ₄=AB5AC599, H ₅=B9B0AE14, H ₆=C5FE6CFD, H ₇=D0CF18EC, H ₈=DA7B1242.H ₉＝E33E5756，H ₁₀＝EB43ABBF，H ₁₁＝F2AAB63B，H ₁₂＝F98B9A28。

B2.5) coupling lattice point number N=16,16 initial value value H ₁=592B1196, H ₂=76992425, H ₃=8B16AC27, H ₄=9B2C65DA, H ₅=A88D7C2D, H ₆=B4131777, H ₇=BE3B2292, H ₈=C755E0A4.H ₉＝CF99F4BD，H ₁₀＝D72E69A4，H ₁₁＝DE303559，H ₁₂＝E4B57966，H ₁₃＝EACF8964，H ₁₄＝F08C3CA7，H ₁₅＝F5F6D254，H ₁₆＝FB18903E。

9. f according to claim 7 ₂Function is characterized in that, described constant value is respectively:

B3.1) coupling lattice point number N=4, four constant value k ₁=0.9801, k ₂=0.9211, k ₃=0.8253, k ₄=0.6967.

B3.2) coupling lattice point number N=6, six constant value k ₁=0.9898, k ₂=0.9595, k ₃=0.9096, k ₄=0.8411, k ₅=0.7556, k ₆=0.6546.

B3.3) coupling lattice point number N=8, eight constant value k ₁=0.9959, k ₂=0.9835, k ₃=0.9630, k ₄=0.9346, k ₅=0.8985, k ₆=0.8549, k ₇=0.8043, k ₈=0.7470.

B3.4) coupling lattice point number N=12,12 constant value k ₁=0.9970, k ₂=0.9882, k ₃=0.9735, k ₄=0.9530, k ₅=0.9269, k ₆=0.8954, k ₇=0.8585, k ₈=0.8166, k ₉=0.7698, k ₁₀=0.7184, k ₁₁=0.6629, k ₁₂=0.6034.

B3.5) coupling lattice point number N=16,16 constant value k ₁=0.9983, k ₂=0.9931, k ₃=0.9845, k ₄=0.9724, k ₅=0.9571, k ₆=0.9384, k ₇=0.9164, k ₈=0.8913, k ₉=0.8631, k ₁₀=0.8319, k ₁₁=0.7979, k ₁₂=0.7610, k ₁₃=0.7216, k ₁₄=0.6796, k ₁₅=0.6353, k ₁₆=0.5888.

Images