Analysis of Multivariate Hash Functions

13 years 6 months ago
Analysis of Multivariate Hash Functions
We analyse the security of new hash functions whose compression function is explicitly defined as a sequence of multivariate equations. First we prove non-universality of certain proposals with sparse equations, and deduce trivial collisions holding with high probability. Then we introduce a method inspired from coding theory for solving underdefined systems with a low density of non-linear monomials, and apply it to find collisions in certain functions. We also study the security of message authentication codes HMAC and NMAC built on multivariate hash functions, and demonstrate that families of low-degree functions over GF(2) are neither pseudo-random nor unpredictable.
Jean-Philippe Aumasson, Willi Meier
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2007
Authors Jean-Philippe Aumasson, Willi Meier
Comments (0)