Security Analysis and Construction of Chaotic Hash Functions
Abstract
Chaotic cryptography is a new discipline at the intersection of nonlinear science and cryptography. Over more than twenty years of development its scope has grown from the stream ciphers and block ciphers of the early period to a broad field that includes hash functions, public-key ciphers, digital watermarking and image hiding, and many chaos-based information security algorithms and protocols have been proposed. As an important branch of chaotic cryptography, chaotic hash functions have become a research focus in recent years and are a new application of chaos theory in cryptography.
This thesis studies chaotic hash functions from two directions: first, analysing the security of existing representative chaotic hash schemes and giving effective attacks; second, designing chaotic hash algorithms with better security and higher efficiency. The specific contributions are as follows:
(1) The security of a hash function based on spatiotemporal chaos, proposed by Ren et al., is analysed. A class of arithmetic differential analysis methods for piecewise linear chaotic maps is proposed and used to find two classes of minimal differential propagation paths in the target scheme. Based on these paths, a forgery attack is designed in which an attacker who does not know the key can, with very high probability, forge a valid "message-MAC" pair from eight related single-block differential messages and their intermediate chaining hash values. Suggestions for improving the target algorithm are given.
(2) The security of a parallel keyed hash scheme based on chaotic maps and a parallel hash scheme based on a chaotic neural network, both proposed by Xiao et al., is analysed. Differential analysis reveals a design flaw in the parallel structure shared by the two schemes, and two classes of forgery attacks are designed in which an attacker without the key forges valid "message-MAC" pairs from related messages and their MAC values. It is further shown that the variable-parameter PWLCM system used by both schemes has a permanent fixed point, and a class of weak-key attacks is designed in which a malicious authenticated user, by choosing a specific weak key, uses the fixed point to construct meaningful MAC collisions.
(3) Cryptanalysis is carried out on three improved schemes: the improved parallel hash scheme based on chaotic maps by Xiao et al., the improved parallel hash scheme based on a chaotic neural network by Huang et al., and the parallel hash scheme based on coupled map lattices by Wang et al. The flaws and shortcomings of each are identified, and forgery attacks on the Xiao and Wang schemes are given. With reference to the PMAC algorithm, an improved structure for chaotic parallel hashing is proposed.
(4) The security of a hash function based on a chaotic map network, proposed by Yang et al., is analysed. Using algebraic analysis, the chaotic compression function of the target scheme is modelled as a system of equations, and on this basis a key-recovery attack on the scheme is designed. Suggestions for improving the target algorithm are given.
(5) The cryptanalytic results on a range of representative chaotic hash algorithms are summarised and the root causes of their security weaknesses are analysed. Combining these lessons with classic design ideas from conventional hash functions, a new chaotic hash algorithm is proposed. The new algorithm adopts the wide-pipe HAIFA iteration structure, which resists the generic attacks on the Merkle-Damgård structure; its compression function is based on chaotic iteration and borrows several classic design elements from conventional hash functions. In the performance analysis, the statistical tests of the NESSIE project for completeness, the avalanche effect and the strict avalanche criterion are introduced for the first time in this setting to quantify the degree of nonlinear diffusion of a chaotic hash. Theoretical analysis and experiments show that the algorithm overcomes the known security flaws of chaotic hash function design while keeping its execution efficiency, and achieves a high level of security.
Abstract (English)
Chaotic cryptography is a new interdisciplinary field combining cryptography and nonlinear science. Over the last two decades its scope has vastly extended, from stream ciphers and block ciphers in the early period to hash functions, public-key ciphers, digital watermarking and image hiding, and many chaotic cryptographic algorithms and protocols have been proposed. The chaotic hash function is a major branch of chaotic cryptography, a research hotspot in recent years and a new application of chaos theory in the field of cryptography.
In this thesis, research on chaotic hash functions focuses on two aspects: first, analysing the security of previously proposed chaotic hash schemes and devising new attacks; second, designing new chaotic hash schemes with stronger security properties and higher efficiency. The main contributions are as follows:
Chapter 2 analyzes the security of a one-way hash function construction based on spatiotemporal chaos, proposed by Ren et al. in 2009. A new kind of differential attack, named the "arithmetic differential attack", is introduced to construct two kinds of differential paths in the round function of Ren's scheme. Based on these differential paths, a simple forgery attack can be devised in which the valid MAC of a random 256-bit message is calculated, without knowledge of the secret key, from eight related 256-bit messages and their intermediate hash values. Furthermore, some preliminary advice on how to improve Ren's scheme is given.
Chapter 3 analyzes the security of two parallel keyed hash schemes proposed by Xiao et al., in 2008 and 2009 respectively, one based on chaotic maps and the other on a chaotic neural network. The security leak in the underlying parallel structure is revealed through differential cryptanalysis, and two kinds of forgery attacks are devised in which the valid MAC of a random message is calculated from related messages and their MACs, without knowledge of the secret key. In addition, a class of weak keys in both schemes is discussed: a key is weak in the sense that it drives the chaotic orbit of the PWLCM into a fixed point, so that under such a key different messages have identical MACs, that is, a MAC collision occurs.
To overcome the weaknesses of the two parallel keyed hash schemes, three different schemes were proposed: an improved parallel hash scheme based on chaotic maps by Xiao et al. in 2009, an improved parallel hash scheme based on a chaotic neural network by Huang et al. in 2011, and a parallel hash scheme based on coupled map lattices by Wang et al. in 2011. The security of these three proposals is analyzed and their weaknesses are identified. Forgery attacks on Xiao's improved scheme and on Wang's scheme are presented. Moreover, a provably secure parallel structure, inspired by the PMAC algorithm, is proposed to remedy these security flaws.
Chapter 4 analyzes the security of a one-way hash function construction based on a chaotic map network, proposed by Yang et al. in 2009. It is found that the chaotic round function of Yang's scheme can be translated into a set of systems of linear equations by algebraic analysis, and a key-recovery attack is devised on that basis. Preliminary advice on how to improve the original scheme is also discussed.
In Chapter 5, the cryptanalysis results available so far are summarized and the root causes of the security vulnerabilities are analyzed. A new chaotic hash function is then proposed which combines the advantages of chaotic systems and conventional hash functions. The proposed scheme follows the HAIFA structure with an internal wide-pipe design, so it does not suffer from the known generic attacks on the Merkle-Damgård construction. The compression function is based on chaotic iteration and includes some classic design elements from traditional hash functions as well. A statistical evaluation methodology developed by the NESSIE project is introduced for the performance analysis; it covers three well-known cryptologic measures of diffusion: the degrees of completeness, of avalanche effect and of strict avalanche criterion. Theoretical analysis and numerical simulation show that the proposed algorithm avoids all known security pitfalls of chaotic hash functions and achieves fast hashing speed as well.
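The two PWLCM properties that Chapters 2 and 3 above build on, as an added example (not code from the thesis or from the analysed schemes): an additive input difference that stays inside one linear segment of the map comes out scaled by that segment's slope, independently of the actual state, which is what makes an arithmetic differential tractable; and the state 0 is a fixed point of the map for every control parameter, so a construction whose key is the initial state has weak keys that make every message collide. The keyed hash below is a toy of my own that only borrows the "message byte selects the parameter" idea; it is not a reproduction of Xiao's schemes or of the thesis's attack on them.

```python
"""Two PWLCM properties behind the Chapter 2 and Chapter 3 results above.

Added example, not code from the thesis or from the analysed schemes. The map
is the standard piecewise linear chaotic map (PWLCM); `toy_keyed_hash` is a
minimal construction of my own that only borrows the 'message byte selects
the control parameter' idea, so the weak-key collision it shows is generic
to that idea and is not a reproduction of the attack on Xiao's schemes.
"""
import math


def pwlcm(x: float, p: float) -> float:
    """PWLCM on [0, 1] with control parameter p in (0, 0.5).

    Slope 1/p on [0, p), slope 1/(0.5 - p) on [p, 0.5), and the mirror
    image F(1 - x) on (0.5, 1]. F(0.5) is defined as 1 so the map is total.
    """
    if not 0.0 < p < 0.5:
        raise ValueError("p must lie in (0, 0.5)")
    if not 0.0 <= x <= 1.0:
        raise ValueError("x must lie in [0, 1]")
    if x == 0.5:
        return 1.0
    if x > 0.5:
        x = 1.0 - x
    return x / p if x < p else (x - p) / (0.5 - p)


def segment_index(x: float, p: float):
    """Which linear segment x lies in: (mirrored half?, right of p?)."""
    mirrored = x > 0.5
    if mirrored:
        x = 1.0 - x
    return (mirrored, x >= p)


def segment_slope(x: float, p: float) -> float:
    """Derivative of the PWLCM on the segment containing x."""
    mirrored, right = segment_index(x, p)
    slope = 1.0 / (0.5 - p) if right else 1.0 / p
    return -slope if mirrored else slope


def additive_difference(x: float, delta: float, p: float) -> float:
    """F(x + delta) - F(x): the arithmetic (additive) output difference."""
    return pwlcm(x + delta, p) - pwlcm(x, p)


def difference_is_linear(x: float, delta: float, p: float) -> bool:
    """True when x and x + delta share a segment: the additive difference is
    then exactly delta * slope, whatever x is. Crossing a segment boundary
    breaks this, which is why a differential path must keep each difference
    inside one segment."""
    if segment_index(x, p) != segment_index(x + delta, p):
        return False
    return math.isclose(additive_difference(x, delta, p),
                        delta * segment_slope(x, p), rel_tol=1e-9)


def toy_keyed_hash(message: bytes, key_state: float, rounds: int = 4) -> int:
    """Toy 32-bit keyed hash (mine, for illustration): the key is the initial
    map state and every message byte chooses the control parameter."""
    x = key_state
    for byte in message:
        p = 0.1 + 0.3 * byte / 255          # parameter in [0.1, 0.4]
        for _ in range(rounds):
            x = pwlcm(x, p)
    return int(x * 0xFFFFFFFF) & 0xFFFFFFFF


def is_weak_key(key_state: float) -> bool:
    """x = 0 is a fixed point for every p, and 0.5 -> 1 -> 0, so these states
    absorb the orbit no matter which message-derived parameters follow."""
    x = key_state
    for _ in range(3):
        if x == 0.0:
            return True
        x = pwlcm(x, 0.25)   # the absorbing path 0.5 -> 1 -> 0 holds for any p
    return x == 0.0


def weak_key_collision(key_state: float, m1: bytes, m2: bytes) -> bool:
    """Two different messages carrying the same tag under this key."""
    return m1 != m2 and toy_keyed_hash(m1, key_state) == toy_keyed_hash(m2, key_state)


if __name__ == "__main__":
    print(difference_is_linear(0.20, 0.01, 0.3), difference_is_linear(0.29, 0.02, 0.3))
    for k in (0.0, 0.5, 1.0, 0.3):
        print(k, is_weak_key(k), weak_key_collision(k, b"pay 10", b"pay 99"))
```

A malicious but authenticated user who may pick the key chooses a weak one and then presents any two messages as a "meaningful" collision; the check a designer wants is that the key schedule can never place the state on, or one step before, a fixed point of the map for any parameter.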
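Why a parallel keyed hash needs a PMAC-style structure, shown on a toy of my own (added example, not code from the thesis or from the Xiao, Huang or Wang schemes, and not the specific flaw the thesis reports in them). HMAC-SHA256 stands in for the keyed chaotic compression. In the naive variant each block is processed independently and the results are XORed, so an attacker who holds one valid message-tag pair can reorder full blocks, or insert a block twice, and the tag stays valid. The PMAC idea of Black and Rogaway, XORing a key- and position-dependent offset into every block and finishing with one more keyed call over the sum and the block count, removes both degrees of freedom.

```python
"""Why a parallel keyed hash must bind each block to its position.

Added example, not code from the thesis or from the Xiao, Huang or Wang
schemes. `keyed_block` uses HMAC-SHA256 as a stand-in for a keyed chaotic
compression; only the generic weakness of an unmasked parallel combination
is shown, beside a PMAC-style fix (per-position key-dependent offsets, then
a keyed finalisation over the sum and the block count).
"""
import hashlib
import hmac
from typing import List

BLOCK = 16           # bytes per message block (assumption for this example)
TAG = 32             # bytes per keyed_block output (SHA-256)


def split_blocks(msg: bytes) -> List[bytes]:
    """Unambiguous 0x80 00..00 padding, then fixed-size blocks."""
    padded = msg + b"\x80" + b"\x00" * ((-len(msg) - 1) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def keyed_block(key: bytes, data: bytes) -> bytes:
    """Keyed per-block primitive (stand-in for a keyed chaotic compression)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def naive_parallel_mac(key: bytes, msg: bytes) -> bytes:
    """Blocks processed independently and XOR-combined: nothing ties a block
    to its index, so any permutation of the blocks yields the same tag and
    two identical blocks cancel each other out."""
    acc = bytes(TAG)
    for blk in split_blocks(msg):
        acc = xor(acc, keyed_block(key, blk))
    return acc


def pmac_style_mac(key: bytes, msg: bytes) -> bytes:
    """PMAC idea (Black and Rogaway): XOR a key- and position-dependent offset
    into block i before the parallel keyed call, then pass the XOR sum and the
    block count through one more keyed call."""
    blocks = split_blocks(msg)
    acc = bytes(TAG)
    for i, blk in enumerate(blocks):
        offset = keyed_block(key, b"offset" + i.to_bytes(8, "big"))[:BLOCK]
        acc = xor(acc, keyed_block(key, xor(blk, offset)))
    return keyed_block(key, b"final" + len(blocks).to_bytes(8, "big") + acc)


def reorder_forgery(msg: bytes, i: int, j: int) -> bytes:
    """Attacker side, no key needed: swap full blocks i and j of a message
    whose length is a multiple of BLOCK. Against naive_parallel_mac the
    known tag of `msg` is a valid tag for the result."""
    blocks = [msg[k:k + BLOCK] for k in range(0, len(msg), BLOCK)]
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)


if __name__ == "__main__":
    key = b"\x01" * 16                               # constructed demo key
    msg = b"transfer 100 USD" + b"to account 12345"  # two 16-byte blocks
    forged = reorder_forgery(msg, 0, 1)
    print(naive_parallel_mac(key, msg) == naive_parallel_mac(key, forged))   # True
    print(pmac_style_mac(key, msg) == pmac_style_mac(key, forged))           # False
```

The offsets need no secrecy beyond the key they are derived from; what matters is that they differ per position, and that the final keyed call covers the block count so that appending cancelling pairs is detected too.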
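The three NESSIE diffusion measures named above, implemented for an arbitrary n-bit to m-bit function as an added example (not code from the thesis). The definitions follow Preneel's thesis and the NESSIE tool set: a dependence matrix A counts, for each input bit i and output bit j, how many sampled inputs have output bit j flip when input bit i flips; the completeness degree is the fraction of non-zero cells, the avalanche degree measures how close the mean Hamming weight of the output difference is to m/2 for every input bit, and the strict avalanche degree measures how close every cell is to a flip probability of 1/2. Inputs are sampled at random rather than exhaustively, so the values are estimates; SHA-256 on 64-bit inputs stands in for the hash under test and the 8-bit identity map is the no-diffusion baseline.

```python
"""NESSIE-style diffusion measures for any bit-to-bit function.

Added example, not code from the thesis. The three degrees follow the
definitions in Preneel's thesis and the NESSIE test suite. Inputs are
sampled at random rather than exhaustively, so the degrees are estimates;
SHA-256 stands in for the hash under test and the identity map is the
worst-case baseline.
"""
import hashlib
import random
from typing import Callable, List, Tuple


def dependence_matrix(f: Callable[[int], int], n_bits: int, m_bits: int,
                      samples: int, seed: int = 1) -> Tuple[List[List[int]], List[float]]:
    """A[i][j] = number of sampled inputs where flipping input bit i flips
    output bit j; mean_hw[i] = mean Hamming weight of f(x) ^ f(x ^ e_i)."""
    rng = random.Random(seed)
    A = [[0] * m_bits for _ in range(n_bits)]
    hw_total = [0] * n_bits
    for _ in range(samples):
        x = rng.getrandbits(n_bits)
        y = f(x)
        for i in range(n_bits):
            d = y ^ f(x ^ (1 << i))
            hw_total[i] += bin(d).count("1")
            j = 0
            while d:
                if d & 1:
                    A[i][j] += 1
                d >>= 1
                j += 1
    return A, [t / samples for t in hw_total]


def diffusion_degrees(f: Callable[[int], int], n_bits: int, m_bits: int,
                      samples: int = 256, seed: int = 1) -> Tuple[float, float, float]:
    """Return (completeness, avalanche, strict avalanche), each in [0, 1].

    1.0 means: every output bit depends on every input bit; each input flip
    changes half the output bits on average; every (i, j) pair flips with
    probability 1/2. The identity map scores (1/n, 1 - (m - 2)/m, 0)."""
    A, mean_hw = dependence_matrix(f, n_bits, m_bits, samples, seed)
    cells = n_bits * m_bits
    d_c = 1 - sum(1 for row in A for a in row if a == 0) / cells
    d_a = 1 - sum(abs(2 * h - m_bits) for h in mean_hw) / cells
    d_sa = 1 - sum(abs(2 * a / samples - 1) for row in A for a in row) / cells
    return d_c, d_a, d_sa


def sha256_64(x: int) -> int:
    """64-bit input -> 256-bit output: the function under test here."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(8, "big")).digest(), "big")


def identity8(x: int) -> int:
    """No diffusion at all: each output bit depends on exactly one input bit."""
    return x & 0xFF


if __name__ == "__main__":
    print("identity :", diffusion_degrees(identity8, 8, 8))
    print("sha256   :", diffusion_degrees(sha256_64, 64, 256))
```

For a chaotic compression function the same three calls apply unchanged; a completeness degree below 1.0 on a few thousand samples means some output bit ignores some input bit outright, which is exactly the kind of structural weakness the differential and algebraic attacks above exploit.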
References
[1] A.J. Menezes, P.C. van Oorschot, S.A. Vanstone. Handbook of Applied Cryptography. Boca Raton: CRC Press, 1997.
    [2] W.B. Mao. Modern Cryptography: Theory and Practice. Beijing: Pearson North Asia Limited and Publishing House of Electronics Industry, 2004.
    [3] Hao Bailin. Starting from the Parabola: An Introduction to Chaotic Dynamics. Shanghai Scientific and Technological Education Publishing House, Shanghai, China, 1993.
    [4] E.N. Lorenz. Deterministic nonperiodic flow. J. Atmospheric Sciences, 20:130-141, 1963.
    [5] C.E. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, 1949, 28:656-715.
    [6]M.Gotz, K.Kelber and W.Schwarz. Discrete-time chaotic encryption systems-Part I: Statistical design approach. IEEE Trans. Circuits and Systems-I,1997,44(10): 963-970.
    [7]J.Fridrich. Symmetric ciphers based on two-dimensional chaotic maps. Int. J. Bifurcation and Chaos,1998,8(6):1259-1284.
    [8]L.Kocarev, G.Jakimoski, T.Stojanovski, et al. From chaotic maps to encryption schemes. In proc:IEEE Int. Symposium Circuits and Systems 98,1998,4:514-517.
    [9]S.J.Li, Xuanqin Mou, and Yuanlong Cai. Pseudo-random bit generator based on couple chaotic systems and its application in stream-ciphers cryptography. In Progress in Cryptology-INDOCRYPT 2001. Springer-Verlag,2001, LNCS 2247:316-329.
    [10] Wang Xiaomin. Design of Nonlinear Dynamic Filters and Their Application in Information Security. Ph.D. thesis, Southwest Jiaotong University, 2007.
    [11] R.A.J. Matthews. On the derivation of a chaotic encryption algorithm. Cryptologia, XIII(1):29-42, 1989.
    [12] D.R. Stinson. Cryptography: Theory and Practice, 2nd Edition (Chinese translation by Feng Dengguo). Publishing House of Electronics Industry, Beijing, China, 2005.
    [13] Chinese Association for Cryptologic Research. Report on the Development of Cryptology (2009-2010). China Science and Technology Press, Beijing, China, 2010.
    [14] Liu Junning, Xie Jiecheng, Wang Pu. One-way hash function construction based on chaotic maps. Journal of Tsinghua University, 40(7):55-58, 2000.
    [15]K.W.Wong. A combined chaotic cryptographic and hashing scheme. Phys. Lett. A, 307:292-298,2003.
    [16] Li Hongda, Feng Dengguo. Composite discrete chaotic dynamical systems and hash functions. Chinese Journal of Computers, 2003, 26(4):460-464.
    [17] Wang Xiaomin, Zhang Jiashu, Zhang Wenfang. One-way hash function construction based on switching of generalized chaotic maps. Acta Physica Sinica, 2003, 52(11):2737-2742.
    [18] X. Yi. Hash function based on chaotic tent maps. IEEE Trans. on Circuits and Systems II, 2005, 52(6):354-357.
    [19]D.Xiao, X.F.Liao, S.J.Deng. One-way Hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons and Fractals,2005, 24(1):65-71.
    [20] Peng Fei, Qiu Shuisheng, Long Min. One-way hash function construction based on two-dimensional hyper-chaotic maps. Acta Physica Sinica, 2005, 54(10):4562-4568.
    [21] Wang Xiaomin, Zhang Jiashu, Zhang Wenfang. Hash function construction based on composite nonlinear digital filters. Acta Physica Sinica, 2005, 54(12):5566-5573.
    [22] Zhang Han, Wang Xiufeng, Li Zhaohui, et al. One-way hash function construction based on spatiotemporal chaotic systems. Acta Physica Sinica, 2005, 54(9):4006-4011.
    [23] Xiao Di. Application of Chaos Theory to the Security of Digital Products. Ph.D. thesis, Chongqing University, 2005.
    [24] Deng Shaojiang. Chaos Theory and Its Application in Information Security. Ph.D. thesis, Chongqing University, 2005.
    [25]S.G.Lian, J.S.Sun, Z.Q.Wang. Secure hash function based on neural network. Neurocomputing,2006,69(16-18):2346-2350.
    [26] Wang Xiaomin, Zhang Wenfang, Zhang Jiashu. Chaotic hash function design based on nonlinear digital filters. Journal of Computer-Aided Design & Computer Graphics, 2006, 18(6):870-875.
    [27] Guo Xianfeng, Zhang Jiashu. Hash function based on chaotic dynamic S-boxes. Acta Physica Sinica, 2006, 55(9):4442-4449.
    [28] Wei Pengcheng, Zhang Wei, Liao Xiaofeng, et al. Keyed hash function construction based on dual chaotic systems. Journal on Communications, 2006, 27(9):27-33.
    [29] You Zhongsheng, Liu Feng. Constructing hash functions based on the Logistic map. Computer Science, 2006, 33(4):106-107.
    [30] Sheng Liyuan, Li Gengqiang, Li Zhiwei. One-way hash function construction based on the tangent-delay ellipse reflecting cavity map system. Acta Physica Sinica, 2006, 55(11):5700-5706.
    [31] Wang Jizhi, Wang Yinglong, Wang Meiqin. Collision flaws in a class of chaotic-map-based hash function constructions. Acta Physica Sinica, 2006, 55(10):5048-5054.
    [32] Liu Guangjie, Shan Liang, Sun Jinsheng, et al. Hash function construction based on spatiotemporal chaotic systems. Control and Decision, 2006, 21(11):1244-1248.
    [33] Liu Guangjie, Shan Liang, Dai Yuewei, et al. One-way hash function based on chaotic neural networks. Acta Physica Sinica, 2006, 55(11):5688-5693.
    [34] S.H. Wang, G. Hu. Hash function based on chaotic map lattices. Chaos, 2007, 17(2):023119.
    [35]J.S.Zhang, X.M.Wang, W.F.Zhang. Chaotic keyed hash function based on Feedforward-Feedback nonlinear digital filter, Phys. Lett. A,2007, 362(5-6):439-448.
    [36] Liu Jiandong, Yu Youming. Spatiotemporal chaotic hash function design based on a bidirectional coupled map system with changeable parameters. Acta Physica Sinica, 2007, 56(3):1297-1304.
    [37] Liu Jiandong, Fu Xiuli. Spatiotemporal chaotic one-way hash function construction based on coupled tent maps. Journal on Communications, 2007, 28(6):30-38.
    [38] Wang Yong. Research on Chaotic Encryption Algorithms and Hash Function Construction. Ph.D. thesis, Chongqing University, 2007.
    [39]Y.Wang, X.F.Liao, D.Xiao and K.W.Wong. One-way hash function construction based on 2D coupled map lattices. Information Sciences,2008,178(5):1391 - 1406.
    [40]D.Xiao, X.F.Liao and S.J.Deng. Parallel keyed hash function construction based on chaotic maps. Phys. Lett. A,2008,372(26):4682-4688.
    [41]Q.T.Yang, T.G.Gao. One-way hash function based on hyper-chaotic cellular neural network. Chinese Physics B,2008,17(7):2388-2393.
    [42]M.Long, F.Peng, G.R. Chen. Constructing a one-way hash function based on the unified chaotic system. Chinese Physics B,2008,17(10):3588-3595.
    [43]M.Plonkowski. Analysis of chaotic map in hash functions based on neural networks. Przeglad Elektrotechniczny,2008,84(3):102-104.
    [44] Guo Wei, Cao Yang, Wang Xiaomin, He Dake. Hash function based on chaotic dynamic parameters. Journal on Communications, 2008, 29(10):93-100.
    [45] Wang Jizhi, Wang Meiqin, Wang Yinglong. Collision problems in a chaos-based keyed hash function and their analysis. Acta Physica Sinica, 2008, 57(5):2737-2742.
    [46] Chen Junhua, Zhang Xingchen, Xu Bin, Wang Dahu. One-way hash algorithm based on multiple nonlinear map models. Journal of the China Railway Society, 2008, 30(1):93-97.
    [47] Jiang Nan, Yang Deli, Bao Mingyu, Yuan Kejie. Hash function construction algorithm based on a [?]-dimensional chaotic system. Journal of Beijing Normal University, 2008, 44(4):371-375.
    [48] Zhang Xuefeng, Fan Jiulun. One-way hash function based on piecewise Logistic chaotic maps. Journal of Wuhan University, 2008, 54(5):588-592.
    [49] Liu Jiandong. One-way hash function based on integer coupled tent maps. Journal of Computer Research and Development, 2008, 45(3):563-569.
    [50] Deng Shaojiang, Liao Xiaofeng, Xiao Di. A chaos-based parallelizable hash function. Computer Science, 2008, 35(6):217-219.
    [51] Wang Yong, Liao Xiaofeng, Du Maokang. A new one-way hash function construction based on spatiotemporal chaos. Computer Science, 2008, 35(12):196-199.
    [52]M.Amin, O.S.Faragallah, A.A.A.El-Latif. Chaos-based hash function (CBHF) for cryptographic applications. Chaos, Solitons and Fractals,2009,42(2):767-772.
    [53]S.J.Deng, D.Xiao, Y.T.Li and W.B.Peng. A novel combined cryptographic and hash algorithm based on chaotic control character. Commun Nonlinear Sci Numer Simul, 2009,14(1):574-581.
    [54] H.Q. Yang, K.W. Wong, X.F. Liao, et al. One-way hash function construction based on chaotic map network. Chaos, Solitons and Fractals, 2009, 41(5):2566-2574.
    [55]A.Akhavan, A.Samsudin and A.Akhshani. Hash function based on piecewise nonlinear chaotic map. Chaos, Solitons and Fractals,2009,42(2):1046-1053.
    [56]H.J.Ren, Y.Wang, Q.Xie and H.J.Yang. A novel method for one-way hash function construction based on spatiotemporal chaos. Chaos, Solitons and Fractals,2009, 42(4):2014-2022.
    [57]A.Akhshan, S.Behnia and A.Akhavan et al. Hash function based on hierarchy of 2D piecewise nonlinear chaotic maps. Chaos, Solitons and Fractals,2009,42(4): 2405-2412.
    [58]W.Guo, X.M.Wang, D.K.He and Y.Cao. Cryptanalysis on a parallel keyed hash function based on chaotic maps. Phys. Lett. A,2009,373(36):3201-3206.
    [59]D.Xiao, X.F.Liao and Y.Wang. Improving the security of a parallel keyed hash function based on chaotic maps. Phys. Lett. A,2009,373(47):4346-4353.
    [60]D.Xiao, X.F.Liao and Y.Wang. Parallel keyed hash function construction based on chaotic neural network. Neurocomputing,2009,72(10-12):2288-2296.
    [61] Ren Haipeng, Zhuang Yuan. A method for constructing one-way hash functions based on the hyper-chaotic Chen system and a key stream. Journal on Communications, 2009, 30(10):100-106.
    [62] Jiang Nan. Chaotic Hash Functions and Their Application in E-commerce Security. Ph.D. thesis, Dalian University of Technology, 2009.
    [63]S.J. Deng, Y.T Li, D.Xiao. Analysis and improvement of a chaos-based Hash function construction. Commun Nonlinear Sci Numer Simul,2010,15(5):1338-1347.
    [64]D.Xiao, W.B.Peng, X.F. Liao and T.Xiang. Collision analysis of one kind of chaos-based hash function. Phys. Lett. A,2010,374(10):1228-1231.
    [65]J.Z.Wang, S.J.Xu, M.Tian and Y.L.Wang. The analysis for a chaos-based one-way hash algorithm.2010 International Conference on Electrical and Control Engineering (ICECE 2010), Wuhan China,2010:4790-4793.
    [66]C.Guyeux, J.M.Bahi. Topological chaos and chaotic iterations application to hash functions.2010 International Joint Conference on Neural Networks (IJCNN 2010), Barcelona Spain,2010:1-7.
    [67] Guo Wei, Wang Xiaomin, Liu Jing, He Dake. Hash function based on chaotic message expansion. Journal of Southwest Jiaotong University, 2010, 45(5):751-757.
    [68] Cheng Yanyun, Song Yurong. Hash function construction based on coupled map lattice chaotic systems. Journal of Applied Sciences, 2010, 28(1):44-48.
    [69]Y.Wang, K.W.Wong and D.Xiao. Parallel hash function construction based on coupled map lattices. Commun Nonlinear Sci Numer Simul,2011,16(7):2810-2821.
    [70]Z.Q.Huang. A more secure parallel keyed hash function based on chaotic neural network. Commun Nonlinear Sci Numer Simul,2011,16(8):3245-3256.
    [71]Y.T.Li, S.J.Deng, D.Xiao. A novel Hash algorithm construction based on chaotic neural network. Neural Comput & Applic,2011,20(1):133-141.
    [72]T.A.Berson, L.Gong. Secure, keyed, and collisionful Hash functions. SRI International Laboratory, Menlo Park, California,1993.
    [73]B.Preneel. Analysis and design of cryptographic hash functions. Ph.D. thesis, Katholieke Universiteit Leuven,1993.
    [74] Feng Dengguo. Status and trends of cryptography research at home and abroad. Journal on Communications, 2002, 23(5):18-26.
    [75]R.L.Rivest, The MD4 Message Digest Algorithm, Advances in Cryptology, Crypto'90, LNCS 537:303-311,1991.
    [76] R.L. Rivest. The MD5 Message-Digest Algorithm. Request for Comments (RFC) 1321, Internet Activities Board, 1992.
    [77] Y. Zheng, J. Pieprzyk, J. Seberry. HAVAL - A One-way Hashing Algorithm with Variable Length of Output. AUSCRYPT'92.
    [78]RIPE, Integrity Primitives for Secure Information Systems, Final Report of RACE Integrity Primitives Evaluation(RIPE-RACE 1040), LNCS 1007,1995.
    [79] H. Dobbertin, A. Bosselaers, B. Preneel. RIPEMD-160: A Strengthened Version of RIPEMD. Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag: 71-82, 1996.
    [80]NIST. FIPS 180:Secure Hash Standard.1993.
    [81]I.B.Damgard, A Design Principle for Hash Functions, Advances in Cryptology, Crypto'89, LNCS 435:416-427,1990.
    [82] R.C. Merkle. A Certified Digital Signature. Advances in Cryptology, Crypto'89, LNCS 435:218-238, 1990.
    [83]P.R.Kasselman. Analysis and design of cryptographic hash functions, M.S. thesis, University of Pretoria,1999.
    [84] Feng Dengguo, Pei Dingyi. Introduction to Cryptography. Science Press, Beijing, China, 1999.
    [85]M.Bellare, T.Kohno. Hash function balance and its impact on Birthday attacks, In: Eurocrypt'04, LNCS 3027, Springer-verlag,2004.
    [86]E.Biham, A. Shamir. Differential Cryptanalysis of DES-Like Cryptosystems. Journal of Cryptology,1991,4(1):3-72.
    [87]J.-J.Quisquater, J.-P.Delescaille. How easy is collision search? Application to DES. Advances in Cryptology-Eurocrypt'89, LNCS 434, Springer-Verlag:429-434,1989.
    [88]J.-J.Quisquater, J.-P.Delescaille. How easy is collision search? New results and applications to DES. Advances in Cryptology-Crypto'89, LNCS 435, Springer-Verlag: 408-413,1989.
    [89] B. Kaliski, M. Robshaw. Message authentication with MD5. CryptoBytes (RSA Laboratories Technical Newsletter), 1995, 1(1):5-8.
    [90]B.Preneel, P.C. van Oorschot. MDx-MAC and building fast MACs from hash functions. Advances in Cryptology, Proceedings Crypto'95,1995, LNCS 963:1-14.
    [91] X. Lai, J. Massey. Hash Functions Based on Block Ciphers. Advances in Cryptology - EUROCRYPT'92, 1993, LNCS 658:55-70.
    [92]C.Schilling, H.Meyer. Secure Program Load with Manipulation Detection Code. Proceedings of Securicom'88,1988:111-130.
    [93]ANSI. Working Draft:Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry.1993.
    [94]ISO. Information Technology-Security Techniques-Hash Functions.1991.
    [95]F.Mendel, N.Pramstaller, C.Rechberger. Cryptanalysis of the GOST Hash function. Advances in Cryptology-CRYPTO'2008,2008, LNCS 5157:162-178.
    [96]F.Mendel, N.Pramstaller. A (Second) Preimage Attack on the GOST Hash function. Fast Software Encryption2008,2008, LNCS 5086:224-234.
    [97]NIST. FIPS 180-1:Secure Hash Standard.1995.
    [98]NIST. FIPS 180-2:Secure Hash Standard.2002.
    [99]B.den Boer, A.Bosselaers. Collisions for the Compression Function of MD5. Advances in Cryptology-EURO-CRYPT'93,1993, LNCS 765:293-304.
    [100] H. Dobbertin. Cryptanalysis of MD5 Compress. 1996.
    [101] H. Dobbertin. Cryptanalysis of MD4. Journal of Cryptology, 1998, 11(4):253-271.
    [102]F.Chabaud and A.Joux. Differential collisions in SHA-0. Advances in Cryptology-CRYPTO'98,1998, LNCS 1462:56-71.
    [103]X.Y.Wang. Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, rump session of Crypto'04, http://eprint.iacr.org/2004/199.pdf,2004.
    [104]X.Y. Wang, H.B. Yu. How to Break MD5 and Other Hash Functions. Advances in Cryptology-Eurocrypt 05, LNCS 3494:1-18,2005.
    [105]X.Y. Wang, H.B. Yu, Y.Q. Yin. Efficient Collision Search Attacks on SHA-0, Advances in Cryptology-Crypto 05, LNCS 3621:1-16,2005.
    [106]X.Y. Wang, Y.Q.Yin, H.B. Yu. Finding Collisions in the Full SHA-1, Advances in Cryptology-Crypto 05, LNCS 3621:17-36,2005.
    [107]M.Stevens. Fast Collision Attack on MD5. http://eprint.iacr.org/2006/104.pdf,2006.
    [108] P.-A. Fouque, G. Leurent, P.Q. Nguyen. Automatic Search of Differential Path in MD4. ECRYPT Hash Workshop, 2007.
    [109] M. Daum, S. Lucks. The Story of Alice and Bob. Rump Session of EUROCRYPT 2005, 2005.
    [110] M. Stevens, A.K. Lenstra, B. de Weger. Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. EUROCRYPT 2007, LNCS 4515, 2007:1-22.
    [111]M.Stevens, A.Sotirov, J.Appelbaum, et al. Short Chosen-Prefix Collision for MD5 and the Creation of a Rogue CA Certificate. Advances in Cryptology-CRYPTO'2009, 2009, LNCS 5677:55-69.
    [112]Y.Sasaki, K.Aoki. Finding Preimages in full MD5 Faster than Exhaustive Search. Advances in Cryptology-EURO-CRYPT'2009,2009, LNCS 5679:134-152.
    [113]K.Aoki, Y.Sasaki. Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1. Advances in Cryptology-CRYPTO'2009,2009, LNCS 5677:70-89.
    [114] P.S.L.M. Barreto, V. Rijmen. The Whirlpool hashing function. Submitted to NESSIE, 2003. www.larc.usp.br/~pbarreto/WhirlpoolPage.html.
    [115] F. Mendel, C. Rechberger, M. Schläffer, et al. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. Fast Software Encryption, 2009, LNCS 5665:260-276.
    [116]M.Lamberger, F.Mendel, C.Rechberger et al. Rebound Distinguishers:Results on the Full Whirlpool Compression Function. Advances in Cryptology-ASIA-CRYPT'2009, 2009, LNCS 5912:126-143.
    [117]A.Joux. Multicollisions in iterated Hash functions. Application to Cascaded Constructions. Advances in Cryptology-CRYPTO'2004,2004, LNCS 3152:306-316.
    [118] J. Kelsey, B. Schneier. Second Preimages on n-bit Hash Functions for Much Less than 2^n Work. Advances in Cryptology - EUROCRYPT 2005, 2005, LNCS 3494:474-490.
    [119] J. Kelsey, T. Kohno. Herding Hash Functions and the Nostradamus Attack. Advances in Cryptology - EUROCRYPT 2006, 2006, LNCS 4004:183-200.
    [120]S.Lucks. A Failure-Friendly Design Principle for Hash Functions. Advances in Cryptology-ASIA-CRYPT2005,2005, LNCS 3788:474-494.
    [121]R.L.Rivest. Abelian Square-Free Dithering and Recoding for Iterated Hash Functions. ECRYPT,2005.
    [122]E.Biham, O.Dunkelman. A Framework for Iterative Hash Functions-HAIFA.2006. http://eprint.iacr.org/2007/278.pdf.
    [123] G. Bertoni, J. Daemen, M. Peeters, et al. On the Indifferentiability of the Sponge Construction. Advances in Cryptology - EUROCRYPT 2008, 2008, LNCS 4965:181-197.
    [124] NIST. NIST has selected the Third (Final) Round Candidates of the SHA-3 Competition. http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/documents/Email_Announcing_Finalists.pdf
    [125]T.Y. Li, J.A. Yorke. Period three implies chaos. Am.Math.Monthly.1975,82:985-992.
    [126] J. Banks, J. Brooks, G. Cairns, G. Davis, P. Stacey. On Devaney's definition of chaos. Amer. Math. Monthly, 1992, 99:332-334.
    [127] Han Min. Theory and Methods of Chaotic Time Series Prediction. China Water & Power Press, Beijing, China, 2007.
    [128] Huang Runsheng, Huang Hao. Chaos and Its Applications. Wuhan University Press, Wuhan, China, 2005.
    [129] Zhang Qichang, Wang Hongli, Zhu Zhiwen, et al. Bifurcation and Chaos Theory and Applications. Tianjin University Press, Tianjin, China, 2005.
    [130]K.M.Short. Step towards unmasking secure communications. Int.J. Bifurcation Chaos. 1994,4(4):959-977.
    [131]K.M.Short. Signal extracting from chaotic communications, Int. J. Bifurcation Chaos. 1997,7(7):1579-1597.
    [132] Zhang Jiashu, Xiao Xianci. Chaotic synchronization secure communication based on switching of generalized chaotic maps. Acta Physica Sinica, 2001, 50(11):2121-2125.
    [133] S.J. Li, G.R. Chen, X.Q. Mou. On the dynamical degradation of digital piecewise linear chaotic maps. Int. J. Bifurcation and Chaos, 2005, 15(10):3119-3151.
    [134]S.J.Li, Q.Li, W.M.Li, et al. Statistical Properties of Digital Piecewise Linear Chaotic Maps and Their Roles in Cryptography and Pseudo-Random Coding. IMA-C & C 2001, LNCS 2260,2001:205-221.
    [135]R.Davies and W.Price. Digital signature-An update, in Proc. Int.Conf. Computer Communications, Sydney, NSW, Australia, Oct.1984,843-847.
    [136]S.Matyas, C.Meyer and J.Oseas. Generating strong one-way function with cryptographic algorithm. IBM Tech. Discl. Bull.,1985,27(10a):5658-5659.
    [137] M. Boesgaard, M. Vesterager, T. Christensen, E. Zenner. The Stream Cipher Rabbit. http://www.ecrypt.eu.org/stream/p3ciphers/rabbit/rabbit_p3.pdf.
    [138] Feng Dengguo. Cryptanalysis. Tsinghua University Press, Beijing, China, 2000.
    [139] M. Boesgaard, M. Vesterager, T. Christensen, E. Zenner. The Stream Cipher Rabbit. http://www.ecrypt.eu.org/stream/p3ciphers/rabbit/rabbit_p3.pdf.
    [140]C.Q.Li, S.J.Li and G.Alvarez et al. Cryptanalysis of two chaotic encryption schemes based on circular bit shift and XOR operations. Physics Letters A.2007,369(1-2): 23-30.
    [141]A.G.Bafghi, R.Safabakhsh and B.Sadeghiyan. Finding the differential characteristics of block ciphers with neural networks. Information Sciences.2008,178(15): 3118-3132.
    [142]J.Y. Yang, D.Xiao and T.Xiang. Cryptanalysis of a chaos block cipher for wireless sensor network. Commun Nonlinear Sci Numer Simul,2011,16(2):844-850.
    [143]S.G.Lian, J.S.Sun and Z.Q.Wang, Security analysis of a chaos-based image encryption algorithm, Phys A:Statist Mech Appl.2005,351(2-4):645-661.
    [144]C.Q.Li, S.J.Li, G.R.Chen and W.A.Halang. Cryptanalysis of an image encryption scheme based on a compound chaotic sequence. Image Vision Comput.2009,27(8): 1035-1039.
    [145]C.Q.Li, S.J.Li, K.T.Lo and K.Kyamakya. A differential cryptanalysis of Yen-Chen-Wu multimedia cryptography system. Journal of Systems and Software.2010,83(8): 1443-1452.
    [146] J. Black, P. Rogaway. A block-cipher mode of operation for parallelizable message authentication. Advances in Cryptology - EUROCRYPT 2002, 2002, LNCS 2332:384-401.
    [147]N.Courtois and W.Meier. Algebraic attacks on stream ciphers with linear feedback. 2003, LNCS 2656:345-359.
    [148] Li Zheng. Research Status of Hash Function Structures and New Structure Designs. M.S. thesis, Shandong University, 2010.
    [149]R.D.Dean. Formal Aspects of Mobile Code Security. Ph.D. dissertation, Princeton University,1999.
    [150]J.P.Boly. Dependence test, Tech. report, RIPE Tools for NESSIE Tools-P10-7,1990.
    [151]B.Preneel, A.Bosselaers, V.Rijmen. Comments by the NESSIE project on the AES finalists. AES Round 2 public comment, http://www.nist.gov/aes,2000-05.
    [152] Zhu Mingfu, Zhang Baodong, Lü Shuwang. A statistical analysis of the diffusion properties of block cipher algorithms. Journal on Communications, 2002, 23(10):122-128.
