论文部分内容阅读
Multivariate hash functions are a type of hash functions whose compression function is explicitly defined as a sequence of multivariate equations. Billet et al designed the hash function MQ-HASH and Ding et al proposed a similar construction. In this paper, we analyze the security of multivariate hash functions and conclude that low degree multivariate functions such as MQ-HASH are neither pseudo-random nor unpredictable. There may be trivial collisions and fixed point attacks if the parameters of the compression ftmction have been chosen. And they are also not computation-resistance, which makes MAC forgery easily.