Paper 2010/652

Active Domain Expansion for Normal Narrow-pipe Hash Functions

Xigen Yao


Recently several reports of Cryptology ePrint Archive showed the discovering that for a normal iterative hash function the entropy and codomain would reduce greatly,then some conclusions were given: Narrow-pipe hash functions couldn't resist this reducing (But wide-pipe hash functions could.),and generic collision attacks on narrow-pipe hash functions would be faster than birthday paradox.The discovering and conclusions rely on the cases of active domain reducing which causes the empty set of a approximative probability $e^{-1}$ in a iteration.However,we can thwart the conclusions by the way of Active Domain Expansion to keep or recover the entropy , by some amending for any a normal narrow-pipe hash function to realize it.And some hash mode such as LAB Mode can more simply do it.In this paper,we'd introduce Active Domain Expansion which includes Surjection Round and the sum block $\Sigma M_{i}$.The most important is to define a sum block $\Sigma M_{i}$ to replace the input of a normal message block $M_{i}$ in compression function.$\Sigma M_{i}$ is a sum of the foregoing i ``Encoded Blocks''.since the surjection round has the same purport and the form is a part of Active Domain Expansion,Surjections Round will be non-critical section in this paper.Besides,we can redefine the last block of additional bits.By these,a normal narrow-pipe hash function can resist the reducing completely.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
narrow-pipe hashActive Domain ExpansionEncoded Blockentropyrecover
Contact author(s)
dihuo377 @ 163 com
2012-11-29: last of 30 revisions
2010-12-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Xigen Yao},
      title = {Active Domain Expansion for Normal Narrow-pipe Hash Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2010/652},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.