Method and apparatus for generating secure hash functions

US 5,892,829 A
Filed: 01/08/1998
Issued: 04/06/1999
Est. Priority Date: 01/08/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for performing a hash function on a string of information elements, comprising the steps of:

a. a stretch processor receiving an input string of information elements;

b. the stretch processor stretching the input string into a longer string;

c. a compression module receiving the longer string; and

d. the compression module compressing the longer string into a hash value.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure hash function according to the present invention uses a stretch function 202 and a compression function 202 to provide a secure hash value. A stretch function is a function which increases an input string (pre-image). In one version of the invention, a stretch function ƒ maps l-bit inputs into 2m bit, where 2m>l. Preferably, the stretch function ƒ is one-way. The stretch function randomizes the input string. The output of the stretch function is fed into a compression function c, which compresses the stretch function output from 2m bits to 2n bits, where m>n. The compression function is preferably a cryptographic primitive selected from a family of compression functions. In a preferred embodiment, a standard key scheduling algorithm of the cryptographic compression function (such as DES) is replaced and an output of the stretch function is used as the key. The inventors find that using a stretch function output as the compression function key improves the security of the compression function. Moreover, because the stretch function output randomizes the input string, the security constraints on the compression function are less stringent. As a result, an efficient, simple, and secure hash function is provided.

59 Citations

41 Claims

1. A method for performing a hash function on a string of information elements, comprising the steps of:
- a. a stretch processor receiving an input string of information elements;
  
  b. the stretch processor stretching the input string into a longer string;
  
  c. a compression module receiving the longer string; and
  
  d. the compression module compressing the longer string into a hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 34, 35, 36, 37)
- - 2. The method of claim 1, wherein the step of stretching an input string further comprises:
    - a. the stretch processor dividing the input string into d blocks; and
      
      b. the stretch processor performing a one way hash function on each of the d blocks.
  - 3. The method of claim 2, wherein the step of the stretch processor performing a one way hash function on each of the blocks is defined as:
    - space="preserve" listing-type="equation">J(t)=sh(α
      
      .sub.1,t.sub.1), sh(α
      
      .sub.2,t.sub.2), . . . , sh(α
      
      .sub.d,t.sub.d)
      where;
      
      f(t) is a stretching function performed on the input string;
      
      sh is a one way hash function;
      
      α
      
      ₁, α
      
      ₂, . . . , α
      
      ₃ are portions of a second string of information elements; and
      
      t₁, t₂, . . . , t_d are divided portions of the input string.
  - 4. The method of claim 3, wherein the step of the stretch processor performing a one way hash function on each of the blocks further comprises the stretch processor selecting a plurality of hash functions sh, each one of the plurality of hash functions being performed on a particular one of the blocks.
  - 5. The method of claim 3, further comprising the step of selecting α
    - ₁ as a string having a length λ and
      
      α
      
      _n for i=2, . . . , d are α
      
      _i =MSBλ
      
      (sh (α
      
      _i-l, t_i-l)) where MSBλ
      
      is λ
      
      most significant elements of the argument.
  - 6. The method of claim 1, wherein the step of stretching further comprises randomizing the input string.
  - 7. The method of claim 1, wherein the step of performing a compression function further comprises performing a cryptographic compression function.
  - 8. The method of claim 7, wherein the step of performing a cryptographic compression function further comprises performing a plurality of primitives.
  - 9. The method of claim 7, wherein the step of performing a cryptographic compression function further comprises performing two compression function primitives h,h, from s+m bits to n bits, where s, m and n are integers.
  - 10. The method of claim 9, wherein:
    - h(x,K)=g_x (K) andh(K,x)=g_x (K);
      
      where x and x are an initial value;
      
      g is randomly chosen from a family of 2^s functions indexed by a key x;
      
      g is randomly chosen from a family of 2^s functions indexed by a key x; and
      
      K, K are keys to the cryptographic compression function.
  - 11. The method of claim 9, wherein the step of performing the cryptographic compression function further comprises the compression module using an output of the stretch processor as a key for the primitives.
  - 12. The method of claim 1, wherein the step of performing a compression function further comprises the compression module:
    - a. receiving 2m information elements from the stretch processor;
      
      b. dividing the 2m bits into two sets of bits; and
      
      c. processing the two sets of bits using a compression function and a fixed function.
  - 13. The method of claim 12, wherein the compression function is DES.
  - 14. The method of claim 12, wherein the fixed function is a hash function.
  - 15. The method of claim 8, wherein the step of performing a plurality of primitives further comprises performing each of the primitives on all of the outputs of the stretch processor.
  - 16. The method of claim 1, further comprising adapting the compression function to operate on a variable length input string.
  - 34. The method of claim 1, wherein the hash value is collision resistant.
  - 35. The method of claim 1, wherein the step of stretching the input string further comprises stretching the input string at least by 10%.
  - 36. The method of claim 35, wherein the step of stretching the input string further comprises stretching the input string between 30% and 60%.
  - 37. The method of claim 12, wherein the step of processing the two sets of bits using a fixed function further comprises performing a single fixed function on the two sets of bits.

17. A hashing device, comprising:
- a. a stretch processor configured to receive an input string of information elements and to stretch the input string into a longer string; and
  
  b. a compression module configured to receive the longer string, to perform a compression function on the longer string, and to output a hash value.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 38, 39, 40, 41)
- - 18. The hashing device of claim 17, wherein the stretch processor is configured to randomize the input string.
  - 19. The hashing device of claim 17, wherein the longer string is one-to-one on substantially all elements in a range of outputs.
  - 20. The hashing device of claim 17, wherein stretch processor is further configured to:
    - a. divide the input string into d blocks; and
      
      b. perform a one way hash function on each of the d blocks.
  - 21. The hashing device of claim 20, wherein the stretch processor is further configured to perform the one way hash function on each of the blocks as follows:
    - space="preserve" listing-type="equation">f(t)=sh(α
      
      .sub.1,t.sub.1), sh(α
      
      .sub.2,t.sub.2), . . . , sh(α
      
      .sub.d, t.sub.d)
      where;
      
      f(t) is a stretching function performed on the input string;
      
      sh is a one way hash function;
      
      α
      
      ₁, α
      
      ₂, . . . , α
      
      ₃ are portions of a string of information elements; and
      
      t₁, t₂, . . . , t_d are divided portions of the input string.
  - 22. The hashing device of claim 21, wherein the stretch processor is further configured to select a plurality of hash functions sh, each one of the plurality of hash functions being performed on a particular one of the blocks.
  - 23. The hashing device of claim 21, wherein the stretch processor is further configured to select α
    - ₁ as a string having a length λ and
      
      α
      
      _i for i=2, . . . , d are α
      
      _i =MSBλ
      
      (sh (α
      
      _i-l, t_i-l)) where MSBλ
      
      is λ
      
      most significant elements of the argument.
  - 24. The hashing device of claim 17, wherein the compression module is further configured to perform a cryptographic compression function.
  - 25. The hashing device of claim 24, wherein the compression module is further configured to perform a plurality of primitives.
  - 26. The hashing device of claim 24, wherein the compression module is further configured to perform two compression function primitives h,h, from s+m bits to n bits, where s, m and n are integers.
  - 27. The hashing device of claim 26, wherein the compression module is further configured to perform the two primitives as follows:
    - h(x,K)=g_x (K) andh(K,x)=g_x (K);
      
      where x and x are an initial value;
      
      g is randomly chosen from a family of 2^s functions indexed by a key x;
      
      g is randomly chosen from a family of 2^s functions indexed by a key x; and
      
      K, K are keys to the cryptographic compression function.
  - 28. The hashing device of claim 25, wherein the compression function is a modified block cipher and the compression module is configured to use an output of the stretch processor as a key for the primitives.
  - 29. The hashing device of claim 17, wherein the compression module is further configured to:
    - a. receive 2m information elements from the stretch processor;
      
      b. divide the 2m bits into two sets of bits; and
      
      c. process the two sets of bits using a compression function and a fixed function.
  - 30. The hashing device of claim 29, wherein the compression function is DES.
  - 31. The hashing device of claim 30, wherein the fixed function is a hash function.
  - 32. The hashing device of claim 25, wherein the compression module is configured to perform each of the primitives on all outputs of the stretch processor.
  - 33. The hashing device of claim 17, wherein the compression module is further configured to perform the compression function on a variable length input string.
  - 38. The hashing device of claim 17, wherein the hash value is collision resistant.
  - 39. The hashing device of claim 17, wherein the stretch processor is configured to stretch the input string at least 10%.
  - 40. The hashing device of claim 39, wherein the stretch processor is configured to stretch the input string between 30% and 60%.
  - 41. The hashing device of claim 29, wherein the fixed function is a single fixed function and the compression module is configured to perform the single fixed function on the two sets of bits.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hanger Solutions, LLC (IP Investments Group LLC)
Original Assignee
Bell Communications Research, Inc. (Telefonaktiebolaget LM Ericsson)
Inventors
Venkatesan, Ramarathnam, Aiello, William A.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US09/004,191
Time in Patent Office

453 Days
Field of Search

380/4, 380/25, 380/28, 380/30, 380/46, 380/49
US Class Current

713/180
CPC Class Codes

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 9/0625   with splitting of the data ...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/50   using hash chains, e.g. blo...

Method and apparatus for generating secure hash functions

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for generating secure hash functions

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links