On Selectable Collisionful Hash Functions

. This paper presents an attack on Gong's proposed collisionful hash function. The weaknesses of his method are studied and possible solutions are given. Some secure methods that require additional assumptions are also suggested. 1 Introduction Hash functions have been used for producing secure checksums since 1950's. A hash function maps an arbitrary length message into a fixed length message digest, and can be used for message integrity [1, 5, 8]. For this purpose, a sender calculates the message digest of the transmitting message and sends it appended to the message. The receiver verifies the checksum by recalculating it from the received message and comparing it with the received checksum. Another application is for protection against spoofing, where the checksum is protected by a key to thwart any modification by an opponent. This application has recently motivated the new term Keyed Hash Functions [3]. A keyed hash function uses a symmetric key and the checksum can only be calcul..