View thesis information

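Thesis title (Chinese):

 Design and Implementation of a Multilevel Security Hash Function

Author:

 王一涵

Student ID:

 2019050385

Confidentiality level:

 Public

Thesis language:

 chi

Discipline code:

 081203

Discipline name:

 Engineering - Computer Science and Technology (engineering or science degrees may be conferred) - Computer Application Technology

Student type:

 Professional master's

Degree:

 Master of Engineering

University:

 Yanbian University

Department:

 College of Engineering

Major:

 Computer Technology

First supervisor name:

 李永珍

First supervisor's university:

 Yanbian University

Thesis completion date:

 2021-12-16

Thesis defense date:

 2021-12-04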

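Thesis title (foreign language):

 Design and Implementation of Multilevel Security Hash Function

Keywords (Chinese):

 Hash function; Integrity check; Avalanche effect; Multilevel security

Keywords (foreign language):

 Hash function; Integrity test; Avalanche effect; Multilevel security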

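Thesis abstract (Chinese):

With network and computer technology advancing rapidly in today's society, information security has become especially important. As an important function in cryptography, the hash function is commonly used to verify message integrity and is also used in important areas such as digital signatures, digital currency, and blockchain technology. Hash functions have therefore become a research hotspot in the field of information security.
A hash function is a one-way function that converts a message of arbitrary length into a fixed-length hash value; commonly used hash functions include the MD family and the SHA family. As hash functions have been developed and improved, the output length of the hash value has kept growing to meet ever-higher security requirements, and the output length of the SHA family has grown from 160 bits to 512 bits. However, each hash function can generate hash values of only one fixed length, so when users have different requirements for security and hash length they have to choose different hash functions, which is inconvenient. To meet the different security requirements of different environments, this thesis therefore proposes the Multilevel Security Hash Function (MSHF).
First, the internal structure and security requirements of commonly used existing hash functions are studied and analyzed, and a supplementary requirement for hash function design is proposed: under different usage requirements, a hash function should provide different security levels. The multilevel security hash function is then designed and implemented, dividing security into four levels from low to high and producing hash values of four different lengths: 64 bits, 128 bits, 256 bits, and 512 bits.
Second, MSHF is applied to Merkle tree generation. Based on the characteristics and security levels of MSHF, adjacent nodes in the Merkle tree are merged to reduce the depth of the tree and shorten the path length for SPV verification.
Finally, the performance of MSHF itself and its application are analyzed experimentally. MSHF is compared with DES-CBC, MD5, SHA-256, and SHA-512 of the same output length in terms of both security and performance; Merkle trees generated with MSHF and with the traditional method are compared in three respects: SPV verification, creation time, and the time needed to locate erroneous data.
The experimental results show that, in terms of security, MSHF has a lower probability of bad points in the avalanche effect than MD5 and SHA-512; in terms of performance, MSHF runs more efficiently than DES-CBC, SHA-256, and SHA-512. Moreover, the higher the security level of MSHF, the faster the lookup. The application experiments show that Merkle trees generated with MSHF have smaller depth and a shorter path length for SPV verification; creating a Merkle tree with MSHF takes less time than the traditional method, and locating erroneous data also takes less time.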

Abstract (foreign language):

With the rapid development of networks and IT in today's society, information security has become increasingly significant. The hash function, as one of the important functions in cryptography, is used to verify message integrity and is also adopted in other fields such as digital signatures, digital currency, and blockchain technology. Therefore, the hash function has become a key research point in the field of information security.
The hash function is a one-way function that can convert messages of any length into a fixed-length hash value. Commonly used hash functions include MD, SHA, etc. In the process of development and improvement of these hash functions, in order to meet the growing security requirements, the output length of the hash value has also been growing. The output length of SHA has developed from 160 bits to 512 bits. However, each hash function can only generate a fixed-length hash value. When users have different security requirements, they can only choose different hash functions, which is inconvenient in use. To meet the requirements of various circumstances, this dissertation puts forward the Multilevel Security Hash Function (MSHF).
First and foremost, this dissertation studies and analyzes the internal structure and security demands of the hash functions currently in use, and proposes a complementary requirement for designing hash functions: under different usage requirements, the same hash function should achieve different security levels. MSHF is then designed and implemented, with the security degree divided into four levels from low to high. MSHF can output hash values of four different lengths, which are 64 bits, 128 bits, 256 bits, and 512 bits.
Secondly, the Merkle tree is generated by using MSHF. According to the characteristics and security level of MSHF, the depth of the Merkle tree and the path length of SPV verification are reduced by merging adjacent nodes in the Merkle tree.
Finally, the performance and application of MSHF are experimentally analyzed. This dissertation compares the security and operating efficiency of MSHF at its different output lengths with DES-CBC, MD5, SHA-256 and SHA-512, which have the same output lengths. The experiments on Merkle trees based on MSHF and on traditional methods are carried out in three aspects: SPV verification, creation time, and the time required to find wrong data.
Experimental results show that, in terms of security, the probability of bad spots in the avalanche effect is lower for MSHF than for MD5 and SHA-512; in terms of performance, MSHF is more efficient than DES-CBC, SHA-256 and SHA-512. The higher the security level of MSHF, the faster the search. The application experiment of MSHF shows that the Merkle tree generated based on MSHF has a smaller depth and a shorter path length for SPV verification; it takes less time to create a Merkle tree based on MSHF than with traditional methods, and it takes less time to find the erroneous data.

Release date:

 2021-12-17    
