Abstract
The quality of one-way functions determines, among other parameters, in great extent the security grant provided by cryptographic protocols, which rely on them. In this paper, we propose a novel evaluation methodology of one-way hash functions for security mechanisms of electronic commerce systems, as, for instance, digital signatures. The methodology consists of three parts, the bit-variance test, the entropy assessment of the digests produced and the hash-function non-modeling test. The bit-variance test shows the impact of small changes of the input message in the digest output. The entropy assessment of the hash function values is its information measure and, therefore, a measure of the difficulty to find two or more messages that lead to a given digest. On the other hand, the non-modeling test (based on neural networks) should show the impossibility to model the one-way hash function by neural network architectures, having the ability to approximate arbitrary real functions. Otherwise, it would indicate feasibility in modeling the hash functions by artificial intelligence techniques and consequently, in reducing the processing effort required to break them. The application of the suggested methodology to the well-known MD5 one-way function reveals its potential to hash function quality characteristic evaluation. The proposed methodology may be applied in conjunction with other methods described in the technical literature.