變動式參數的單向雜序函數

Abstract

本論文研究目的是改進MD5與SHA演算法，將其「擷取固定參數」的方式，改為「擷取變動式參數」的方法。 因為MD5與SHA是應用在數位簽章領域中有名的兩個單向雜序函數演算法，他們是由前一版的MD4所演進而來。雖然這兩種演算法比已被破解的MD4安全，但並不代表完全安全，因為隨著機器愈來愈快，新的破解方法陸續出現，除了有人聲明MD5的部份已經被破解，且SHA的設計者也提出安全強化作法。我們發現，這兩個演算法擷取參數的方式都是因為具有規律性，為了加強這兩個函數的安全性，我們提出以雜序表擷取變動參數的改進作法。 我們所參考的資料來源，包括了一些密碼理論的教科書、Advances in Cryptology研討會的發表論文、WWW上密碼學綱站的技術資料、與Internet上討論群的news。 所採的研究方法是，先瞭解MD5與SHA演算法的特性，再查出可用於數位簽章的所有單向雜序函數相關資料，並就其內容分類出有關攻擊或改進的文章，分析他們的作法，提出我們的作法，並舉出四種可能的演算法Keyed-MD5, Keyed-SHA, Unkeyed-MD5與Undeyed-SHA，最後再以程式模擬探討各方法的效率。 我們的所得到結果，在不加長最終結果Message Digest的情況下，可能可以獲得較安全的雜序函數。

The purpose of this thesis is to improve MD5 and SHA algorithms. We change the method of retrieving parameters from a fixed-sequential order to a changeable parameters order. Because MD5 and SHA are two famous one-way hashing functions in the domain of digital signature. The are both evolved from the previous version MD4. Although these two algorithms are more safe than MD4, yet it does not mean that they are safe forever. The speed of the machine is more quick now than past. There appears several new attack methods. Someone announced that parts of MD5 has been successfully attacked. The designer of SHA adapted it on the safety of function. We found that the regular properties of retrieving parameters in the two algorithms let it easy to be attacked. In order to strengthen the safety of the two algorithms, we propose a new scheme which based on a hashing table retrieving method. The reference resource includes some cryptography text book, thesis in the Conference of "Advances in Cryptology", technical report on WWW, and articles announced in Internet news group. Our research method is, to understand the properties of MD5 and SHA, to find out all of the one-way hashing functions in digital signatures domain, to analyze the attack or adapt method, to propose our idea, to illustrate 4 possible examples (Keyed-MD5, Keyed-SHA, Unkeyed-Md5, and Unkeyed-SHA), and finally to simulate them. Our conclusion is getting a one-way hashing function which possibly have more safety, without lengthening its message digest.