1. Field of the Invention
The present invention is directed to a device and method for providing secure, collision resistant hash functions. These secure, collision resistant hash functions are provided by mapping an input string into a longer string using a secure stretch function and then applying a compression function to the longer string.
2. Description of Related Art
A hash function is a function which takes a variable length input string (often called a pre-image) and converts it into a fixed-length output string (often called a hash value). A one-way hash function is a hash function which works in one direction. Briefly, a one-way function is a function that is easy to compute but hard to invert on an overwhelming fraction of its range. In a good one-way hash function, given a hash value, it is computationally infeasible to determine the pre-image that hashed to that value. Another type of hash function is a collision resistant hash function. One important feature of a collision resistant hash function is that it is difficult to generate two pre-images which hash to the same hash value.
Hash functions are typically performed by a computer or special purpose processor. FIG. 1 is a block diagram of a computer or processor 100 which may be used to perform hash functions. The device 100 has a processor including one or more CPUs 102, a main memory 104, a disk memory 106, an input/output device 108, and a network interface 110. The devices 102-110 are connected to a bus 120 which transfers data, i.e., instructions and information, between each of these devices 102-110. A hash function algorithm may be stored as data in either main memory 104 or a disk memory 106. A pre-image may be provided at the I/O device 108 or network interface 110. The processor 102 may retrieve the algorithm from memory 104 or 106 and receive the pre-image from the I/O device 108 (or network interface 110), both via the bus 120. The processor 102 may perform the hash and provide the hash value to the I/O device 108 (or network interface 110) or store the hash value in memory 104, 106.
Hash functions play a crucial role in practical cryptography and are in ubiquitous use. Applications for hash functions include authentication, digital signatures, and digital time stamping. As a result, the security of a hash function is important. Widely used constructions like the well known SHA (Secure Hash Algorithm), MD4 (Message Digest 4), and MD5 (Message Digest 5) hash functions have been recently attacked, raising questions about their security. MD5, for example, has been widely used, somewhat studied, and is quite efficient. But MD5 has come under attack by cryptanalysts. For example, den Boer and Bosselaers have produced collisions using MD5's compression function. (B. den Boer and A. Bosselaers, "Collisions for the Compression Function of MD5," Advances in Cryptology--EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 293-304). On the other hand, constructions based on block ciphers like DES, while they have been less successfully attacked (and are thus more secure), are usually slow, and need a large number of encryptions per block of data compressed. As a result, block ciphers are less efficient; that is, they are computationally intensive and therefore use a great deal of processing power and time.
Therefore, it is an object of the present invention to provide a secure hash function which is simple in design and which yields a faster hash primitive.