Paper 2010/652

Active Domain Expansion for Normal Narrow-pipe Hash Functions

Xigen Yao

Abstract

Recently several reports of Cryptology ePrint Archive showed the discovering that for a normal iterative hash function the entropy and codomain would reduce greatly,then some conclusions were given: Narrow-pipe hash functions couldn't resist this reducing (But wide-pipe hash functions could.),and generic collision attacks on narrow-pipe hash functions would be faster than birthday paradox.The discovering and conclusions rely on the cases of active domain reducing which causes the empty set of a approximative probability $e^{-1}$ in a iteration.However,we can thwart the conclusions by the way of Active Domain Expansion to keep or recover the entropy , by some amending for any a normal narrow-pipe hash function to realize it.And some hash mode such as LAB Mode can more simply do it.In this paper,we'd introduce Active Domain Expansion which includes Surjection Round and the sum block $\Sigma M_{i}$.The most important is to define a sum block $\Sigma M_{i}$ to replace the input of a normal message block $M_{i}$ in compression function.$\Sigma M_{i}$ is a sum of the foregoing i ``Encoded Blocks''.since the surjection round has the same purport and the form is a part of Active Domain Expansion,Surjections Round will be non-critical section in this paper.Besides,we can redefine the last block of additional bits.By these,a normal narrow-pipe hash function can resist the reducing completely.