A novel suite of tests for evaluating one-way hash functions for electronic commerce applications

Abstract

The quality of one-way functions determines, among other parameters, to great extent the security grant provided by cryptographic protocols which rely on them. The authors propose a novel evaluation methodology of one-way hash functions for security mechanisms of electronic commerce systems, such as for instance digital signatures. The methodology consists of three parts: the bit-variance test, the entropy assessment of the digests produced and the hash-function non modeling test. The bit-variance test shows the impact of small changes of the input message in the digest output. The entropy assessment of the hash function values is its information measure, and therefore a measure of the difficulty to find two or more messages that lend themselves to a given digest. On the other hand, the non modeling test (based on neural networks) should show the impossibility of modeling the one-way hash function by neural network architectures, having the ability to approximate arbitrary real functions. Otherwise, it would indicate feasibility in modeling the hash functions by artificial intelligence techniques, and consequently in reducing the processing effort required to break them. The application of the suggested methodology to the well known MD5 one-way function reveals its potential to hash function quality characteristic evaluation. The proposed methodology may be applied in conjunction with other methods described in the technical literature.