CN105281911A - Hash function mapping string to fixed-size matrix - Google Patents

Hash function mapping string to fixed-size matrix

Info

Publication number: CN105281911A
Authority: CN (China)
Prior art keywords: hash function, length, character string, matrix, hash
Legal status: Granted
Application number: CN201510471471.5A
Other languages: Chinese (zh)
Other versions: CN105281911B (en)
Inventors: 廖永建, 乔莉, 许珂
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Application filed by University of Electronic Science and Technology of China
Priority to CN201510471471.5A (patent CN105281911B)
Publication of CN105281911A
Application granted; publication of CN105281911B
Current legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a new hash function, belongs to the basic field of communication security, and aims to hash a string of arbitrary length to a matrix of a prescribed fixed size. The hash function comprises the following main parts: first, for the input string of arbitrary length, an ordinary hash a = h(b) is selected, which maps it to a string of length m; the system parameters are randomly initialised, with security parameter n, m and q satisfying the condition shown in the specification, and $q = O(n^c)$, where c > 0 is a constant; a basic hash function $h_M(s')$, constructed on a hard lattice problem, maps a string of binary length m to binary length $n \log q$; finally, combining the above, the final hash function shown in the specification is constructed. In addition, the hash function is proved to satisfy computability, one-wayness and collision resistance.

Description

A hash function mapping a character string to a fixed-size matrix
Technical field
The present invention relates to hash functions and belongs to the field of communication security in cryptography; in particular, it relates to the hash function needed to construct signature schemes based on lattice theory. A novel hash function is constructed that hashes a character string to a matrix, which facilitates the various computations in lattice-based cryptography research.
Background art
Hash functions are widely used in both computing and cryptography. In cryptography a hash function is also called a one-way hash function, and the hash value is also called a message digest, fingerprint, cryptographic checksum, information integrity check, performance test, and so on. Although it is not an encryption algorithm, it is central to modern cryptography and is a basic building block of many cryptographic protocols. This patent is concerned with cryptographic hash functions; unless otherwise stated, every hash function mentioned below is a cryptographic hash function.
A hash function is a cryptographic function whose input is a message of arbitrary finite length and whose output is a hash value of fixed length. Besides being widely used for digital signatures, message integrity verification and message origin authentication, it is also combined with various cryptographic algorithms to form hybrid cryptosystems. The model of a hash function is: h = H(M),
where M is the plaintext to be processed, which may be of any length; H is the hash function; and h is the generated message digest, which has a fixed length independent of the length of M. A one-way hash function has the following properties:
(1) Given M, it is easy to compute h = H(M); this is called computability;
(2) Given h, finding an M that satisfies H(M) = h is computationally infeasible; this is called one-wayness;
(3) Given M, finding an M′ such that H(M) = H(M′) is computationally infeasible; this is called second-preimage resistance;
(4) Finding two random messages M and M′ such that H(M) = H(M′) is computationally infeasible; this is called collision resistance.
A function that satisfies the first three properties is called a weak hash function; one that satisfies all four is called a strong hash function.
Hash functions were first applied in the field of digital signatures. Designing a secure hash function is not very difficult, as with the earliest hash functions, which were based on the integer factorization problem. However, since quantum computers were proposed, cryptosystems based on lattice theory have been widely studied; such cryptosystems involve many linear operations, which are conveniently and clearly expressed in matrix notation.
The appearance of the U.S. encryption standard DES in 1977 sparked a wave of designing hash functions from block ciphers, which can be traced back to the work of Rabin in 1978. At CRYPTO 1989, two papers of major significance in the history of hash function design were published at the same time; they proposed similar iterative structures, which reduce the design of a collision-resistant hash function to the design of a collision-resistant compression function. In the same year the hash function Snefru, designed on this iterative structure, appeared, but it was soon completely broken by differential attack. In 1990 Rivest designed a hash algorithm called MD4, whose design is not based on any assumption or cryptosystem. This direct construction of hash functions was widely favoured for its speed and practicality. Many official-standard hash functions were based on this design idea and became the MD4-x family; these functions were based on the software platforms of the time and were efficient to implement, and their designers claimed that they were fairly secure, but it was later found that MD4 had security flaws. In 1992 Rivest improved it and constructed MD5. Before 1998, analysis of this class of hash functions concentrated on MD4 and MD5, with no substantial results against MD5. SHA is a family of cryptographic hash functions designed by the U.S. National Security Agency and published by the National Institute of Standards and Technology. SHA-0 was published in 1993 and SHA-1 two years later; both produce a 160-bit digest from a message of at most 2^64 bits, using an algorithm based on those of MD4 and MD5. In 1998, Chabaud and Joux analysed SHA-0 theoretically using the "perturbation-correction" idea and obtained good results. In 2004 many outstanding attack methods and results appeared one after another, and these innovative attacks succeeded against a series of hash functions.
The best way to evaluate a hash function is to see how much it costs an attacker to find a pair of colliding messages. Assume the attacker knows the hash algorithm; the attacker's main goal is then to find one or more pairs of colliding messages. The common methods of analysing hash functions are the birthday attack and the differential attack. The birthday attack is a generic method of analysing a hash function and computing colliding messages. It does not use the structure of the hash function or any algebraic weakness and depends only on the length of the message digest; this attack gives a condition for a hash function to be secure. The differential attack is the analysis method proposed by Biham and Shamir for iterated block ciphers. Its basic idea is to obtain the most likely key by analysing the effect of specific plaintext differences on ciphertext differences. At CRYPTO 2004, Professor Wang Xiaoyun reported breaking MD5, HAVAL-128, MD4 and RIPEMD; at that time the world still regarded SHA-1 as secure. A few months later Professor Wang Xiaoyun announced that SHA-1 had been broken and proposed an attack method, again shaking the world's cryptographic community. Technically, being able to obtain collisions of MD5 and SHA-1 in a short time does not mean that the two algorithms have failed completely; nevertheless, Wang Xiaoyun's method has made it possible to find collisions of MD5 and SHA-1 in a short time.
In 1996 Ajtai proved that, under certain parameter conditions, the hardness of the average-case small integer solution (SIS) problem is equivalent to the worst-case hardness of certain problems on a class of lattices, such as the approximate shortest vector problem GapSVP and the shortest linearly independent vectors problem SIVP. Along with this pioneering result, Ajtai constructed a family of one-way functions based on SIS, whose security rests on the worst-case hardness assumption of the $n^c$-approximate shortest vector problem GapSVP, where c in the approximation factor is a constant greater than 0. Goldreich et al. proved the collision resistance of Ajtai's one-way function. Subsequent work on this function strengthened its security mainly by reducing the value of c, but the best result at present is c = 1. Only when is the GapSVP problem considered NP-hard, and to obtain 100 bits of security the key length must reach 500,000 bits and 50,000 arithmetic operations must be carried out, so the scheme is of little practical use. To improve efficiency, Micciancio built the above one-way function on a kind of structured lattice, the cyclic lattice, opening up a way of building efficient cryptographic schemes on special structures. Later, Lyubashevsky et al. constructed the more efficient and secure SWIFFT one-way function on a more general structured lattice, the ideal lattice; its main operation is the fast Fourier transform (FFT), it is very efficient and strongly collision resistant, and it can be used with digital signature schemes, but SWIFFT is not a pseudorandom function and is not suitable for instantiating a random oracle.
Cryptosystems based on lattice theory have been widely studied: the earliest lattice-based public-key encryption scheme AD proposed by Ajtai and Dwork, the GGH public-key scheme proposed by Goldreich, Goldwasser and Halevi in 1997, the NTRU scheme proposed by Hoffstein et al., and so on. Designs based on lattice theory involve matrix operations; therefore, to study lattice-based cryptosystems better, a hash function that can generate a fairly uniformly distributed matrix is needed.
In view of the above, constructing a novel hash function that maps an ordinary character string to a fairly uniformly distributed matrix is a problem that needs to be solved.
Summary of the invention
The object of the invention is to realise, based on hard lattice problems, a hash function that maps a character string to a matrix; it satisfies the basic properties of a hash function, its security can be proven, and it can be applied in certain lattice-based cryptosystems.
The design of this hash function consists of the following parts:
(1) For a string $s \in \{0,1\}^*$ to be hashed, choose a basic hash function $h: \{0,1\}^* \to \{0,1\}^m$.
(2) Parameter initialization: initialise the system parameters $n, m, q \in \mathbb{N}$, where n is the security parameter, m and q satisfy and $q = O(n^c)$, where $c > 0$ is a constant;
(3) Basic hash function based on lattice hardness: to generate the hash function, a matrix is selected at random; for an input string $s' \in \{0,1\}^*$, compute:
$h_M(s') = M s' \bmod q = \sum_i s'_i M_i \bmod q$; the output is a string of length n;
(4) Constructing the final hash: using the basic structure described in the previous step, a construction that generates an n × m matrix:
$$H(s) = \bigl(h_M(h(s|1)), \ldots, h_M(h(s|m))\bigr) = M\,\bigl(h(s|1), h(s|2), \ldots, h(s|m)\bigr) \in \mathbb{Z}_q^{n \times m};$$
In this way, the given string of arbitrary length is hashed onto a matrix of fixed size.
Because the present invention is a hash function built on hardness assumptions for lattice problems, the proofs of this hash function's properties should rest on the hardness assumptions for lattice problems.
The beneficial effects of the invention are:
(1) A hash function built on hard lattice problems has fairly strong security, and the process of computing the hash value is simple and straightforward.
(2) A string of arbitrary length can be mapped, through two mappings, to a matrix of the required fixed size.
(3) Such a construction brings great convenience to building lattice-based cryptosystems.
Description of the drawings
The invention is described by way of concrete example and the accompanying drawings, in which
Fig. 1 is a flow chart of the overall construction process of the invention;
Fig. 2 is a diagram of how the matrix H is generated.
Embodiment
The technical scheme of the invention is described in detail below with reference to the drawings. The requirement is to hash an original string s of arbitrary length to a matrix of fixed size, where n, m and q are explained one by one below. With reference to Fig. 1, the implementation is as follows.
(1) Processing the arbitrary-length string: the hashing process has to handle strings of arbitrary or fixed length. For the later construction, first choose an ordinary hash function, denoted $h: \{0,1\}^* \to \{0,1\}^m$. Here the arrow denotes producing the string on the right from the string on the left, and h is an existing hash function that hashes a string of arbitrary length to a string of fixed length, i.e. a = h(b), where $a \in \{0,1\}^m$ and b is of arbitrary length;
(2) System parameter initialization: for security parameter n, choose a random matrix; m and q are chosen to satisfy and $q = O(n^c)$, where $c > 0$ is a constant;
(3) Basic hashing process based on lattice hardness: the hash function is chosen as follows. For an input string $s' \in \{0,1\}^m$, the hash value is computed as:
$$h_M(s') = M s' \bmod q = \sum_i s'_i M_i \bmod q$$
Here the binary output length is $n \log q$; because the parameters satisfy $n \log q < m$, the output has no collisions and collision resistance is satisfied;
(4) Following the steps above, for an input string s of arbitrary length, carry out the following computation:
$$A = H(s) = \bigl(h_M(h(s|1)), \ldots, h_M(h(s|m))\bigr) = M\,\bigl(h(s|1), h(s|2), \ldots, h(s|m)\bigr) \in \mathbb{Z}_q^{n \times m}$$
As shown in Fig. 2, the length of s is arbitrary; after the basic hash function h it is mapped to a string of length m. The "," above denotes concatenating these m vectors of length n, which generates a matrix. This completes the construction of this special hash function.
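The construction in steps (1) to (4), as an added Python example that is not code from the patent. It assumes SHAKE-256 as the base hash h, reads `s|i` as s followed by a 4-byte index, expands M from a seed, and uses constructed small parameters (n = 8, q = 257, m = 128, so n log q < m). Because n log q < m means h_M maps more inputs than it has outputs, colliding inputs exist by counting; `toy_image_size` shows this on a tiny instance, and what the SIS assumption covers is the cost of finding them at real parameter sizes.

```python
import hashlib

def h_bits(data: bytes, m: int) -> list:
    """Base hash h: {0,1}* -> {0,1}^m. SHAKE-256 is an assumed stand-in."""
    digest = hashlib.shake_256(data).digest((m + 7) // 8)
    bits = [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]
    return bits[:m]

def gen_matrix(seed: bytes, n: int, m: int, q: int) -> list:
    """Public matrix M (n rows, m columns, entries mod q) expanded from a seed.

    Seed expansion is an assumption of this example; the patent only says
    that M is chosen at random. Rejection sampling avoids modulo bias.
    """
    limit = (1 << 32) - ((1 << 32) % q)
    stream = hashlib.shake_256(b"matrix" + seed).digest(8 * n * m)
    vals = []
    for off in range(0, len(stream), 4):
        v = int.from_bytes(stream[off:off + 4], "big")
        if v < limit:
            vals.append(v % q)
    if len(vals) < n * m:
        raise RuntimeError("not enough uniform samples; lengthen the stream")
    return [vals[r * m:(r + 1) * m] for r in range(n)]

def h_M(M: list, bits: list, q: int) -> list:
    """h_M(s') = M s' mod q: the sum of the columns of M selected by s'."""
    if len(bits) != len(M[0]):
        raise ValueError("input must have exactly m bits")
    return [sum(a for a, b in zip(row, bits) if b) % q for row in M]

def hash_to_matrix(s: bytes, M: list, q: int) -> list:
    """H(s): column i is h_M(h(s|i)) for i = 1..m, giving an n x m matrix."""
    n, m = len(M), len(M[0])
    cols = [h_M(M, h_bits(s + i.to_bytes(4, "big"), m), q)
            for i in range(1, m + 1)]
    return [[cols[j][r] for j in range(m)] for r in range(n)]

def toy_image_size(M: list, q: int) -> tuple:
    """Enumerate every m-bit input of a tiny instance.

    Returns (number of inputs, number of distinct outputs). With
    n log q < m the second number is at most q**n, which is smaller
    than 2**m, so some inputs must share an output.
    """
    m = len(M[0])
    images = {tuple(h_M(M, [(x >> i) & 1 for i in range(m)], q))
              for x in range(1 << m)}
    return 1 << m, len(images)

if __name__ == "__main__":
    N, Q, M_DIM = 8, 257, 128            # constructed example parameters
    M = gen_matrix(b"constructed-seed", N, M_DIM, Q)
    A = hash_to_matrix(b"message to hash", M, Q)
    print(len(A), "x", len(A[0]), "matrix, first row starts", A[0][:6])
    toy = gen_matrix(b"toy", 2, 6, 4)    # n=2, q=4, m=6: 16 outputs, 64 inputs
    print("toy inputs / distinct outputs:", toy_image_size(toy, 4))
```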
The properties of this hash function are discussed below.
(1) Computability: both parts are obviously computable;
(2) One-wayness: the one-wayness of a = h(b) is evident. In addition, by lattice theory, the hash function $h_M$ is one-way and collision resistant: because M is a uniformly random matrix, is a lattice; if the basis of the lattice is T, then evaluating $h_M(s') = s_0$ is easy, but inverting a known $s_0$ is hard without knowing T. This follows from the ISIS hardness assumption on lattices, which is hard in the average case. Thus $h_M(s')$ is one-way, and so the final hash function H is also one-way;
(3) Collision resistance: a = h(b) is a known ordinary hash function, so it must be collision resistant. Meanwhile, the input and output of $h_M(s') = s_0$ are binary strings; if a collision existed, i.e. there were $s_1 \neq s_2$ with $M s_1 = M s_2$, then $M(s_1 - s_2) = 0 \bmod q$, i.e. $Mx = 0 \bmod q$ would have a solution, which contradicts the hardness assumption of the SIS problem on lattices. Hence $h_M$ is collision resistant, and so the final function H is also collision resistant.
In summary, the novel hash function constructed by the invention maps an arbitrary string to a fixed-size matrix while possessing the basic properties of a hash function.
The above is only a specific embodiment of the invention. Any feature disclosed in this specification (including the accompanying claims, abstract and drawings) may, unless specifically stated otherwise, be replaced by another equivalent feature or an alternative feature serving a similar purpose; that is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features. The invention extends to any new feature or any new combination disclosed in this specification, and to the steps of any new method or process disclosed or any new combination thereof.

Claims (4)

1. A hash function capable of mapping a character string of arbitrary length to a fixed-size matrix, characterised as follows:
It is required to hash an original string s of arbitrary length to a matrix of fixed size, where n, m and q are explained one by one below.
Choose a hash function $h: \{0,1\}^* \to \{0,1\}^m$;
System parameter initialization: initialise the system parameters $n, m, q \in \mathbb{N}$, where n is the security parameter, m and q satisfy and $q = O(n^c)$, where $c > 0$ is a constant;
Basic hash function based on lattice hardness: to generate the hash function, a matrix is selected at random; given a string $s' \in \{0,1\}^m$, compute: $h_M(s') = M s' \bmod q = \sum_i s'_i M_i \bmod q$; the output is a string of length n;
Constructing the final hash: using the basic structure described in the previous step, a construction that generates an n × m matrix:
$$H(s) = \bigl(h_M(h(s|1)), \ldots, h_M(h(s|m))\bigr) = M\,\bigl(h(s|1), h(s|2), \ldots, h(s|m)\bigr) \in \mathbb{Z}_q^{n \times m};$$
In this way, the given string of arbitrary length is hashed onto a matrix of fixed size. Finally, it is proved that the hash function satisfies computability, one-wayness and collision resistance.
2. the method for claim 1, is characterized in that, to choose common hash function a=h (b) be length by random length character string maps is the character string of m;
(1) initialization of system parameters: for security parameter n, we choose a random matrix choosing of m and q is satisfied and q=O (n c), c>0 is constant;
(2) based on the basic Hash procedure of lattice difficulty: select hash function as follows, suppose input of character string s ' ∈ { 0,1} m, the process calculating cryptographic Hash is:
h M(s′)=Ms′modq=Σ is i′M imodq
Herein, it is nlogq that binary system exports length, and because parameter meets nlogq < m, therefore output does not exist collision, meets anti-collision;
(4) for step 1 describe character string s, round numbers 1, to m, carries out computing below
H ( s ) = ( h M ( h ( s | 1 ) ) , ... , h M ( h ( s | 2 ) ) ) = M ( h ( s | 1 ) , h ( s | 2 ) , ... h ( s | m ) ) &Element; Z q n &times; m
Wherein, the above-mentioned vector being n by this m length with ", " expression is stitched together, and generates one matrix.So far, the construction complete of this special hash function.
3. The process of claims 1 and 2, characterised in that, for the hash function constructed, proofs of the following aspects are required.
(1) Computability: both parts are obviously computable;
(2) One-wayness: the one-wayness of a = h(b) is evident. In addition, by lattice theory, the hash function $h_M$ is one-way and collision resistant: because M is a uniformly random matrix, is a lattice; if the basis of the lattice is T, then evaluating $h_M(s') = s_0$ is easy, but inverting a known $s_0$ is hard without knowing T. This follows from the ISIS hardness assumption on lattices, which is hard in the average case. Thus $h_M(s)$ is one-way, and so the final hash function H is also one-way;
(3) Collision resistance: a = h(b) is a known ordinary hash function, so it must be collision resistant. Meanwhile, the input and output of $h_M(s') = s_0$ are binary strings; if a collision existed, i.e. there were $s_1 \neq s_2$ with $M s_1 = M s_2$, then $M(s_1 - s_2) = 0 \bmod q$, i.e. $Mx = 0 \bmod q$ would have a solution, which contradicts the hardness assumption of the SIS problem on lattices. Hence $h_M$ is collision resistant, and so the final function H is also collision resistant.
4. The method of claim 1 or 2, characterised in that the hash function is constructed on hard lattice problems and can map a string of arbitrary length to a matrix of fixed size.
CN201510471471.5A 2015-08-04 2015-08-04 Hash function method for mapping an arbitrary-length character string to a fixed-size matrix Active CN105281911B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510471471.5A CN105281911B (en) 2015-08-04 2015-08-04 Hash function method for mapping an arbitrary-length character string to a fixed-size matrix

Publications (2)

Publication Number Publication Date
CN105281911A CN105281911A (en) 2016-01-27
CN105281911B CN105281911B (en) 2018-09-25

Family

ID=55150305


Country Status (1)

Country Link
CN (1) CN105281911B (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
M. Ajtai: "STOC '96: Proceedings of the 28th Annual ACM Symposium on Theory of Computing", 31 December 1996 *

Also Published As

Publication number Publication date
CN105281911B (en) 2018-09-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant