Higher Order Differential Cryptanalysis of Multivariate Hash Functions
In this paper we propose an attack against multivariate hash functions that is based on higher order differential cryptanalysis. The attack can succeed in finding a preimage of the compression function better than brute force, and it makes selective forgeries easy when a MAC is constructed from multivariate polynomials. It gives evidence that families of multivariate hash functions are neither pseudo-random nor unpredictable, and that one can distinguish such a function from random functions regardless of the finite field and the degree of the polynomials.
- Xuejia Lai (1)
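The distinguishing property the abstract relies on can be seen in a small added example (not code from the paper, and not its preimage or forgery attack): over GF(2), the derivative of order d+1 of any polynomial map of degree d is identically zero, while a random-looking function fails this check. The toy sizes, the restriction to GF(2), the SHA-256 stand-in for a random function, and all function names are assumptions made for illustration.

```python
import hashlib
import itertools
import random

def random_poly_map(n, m, degree, rng):
    """m random polynomials of total degree <= `degree` in n variables over GF(2).
    A monomial is a bitmask of the variables it multiplies (0 = constant term)."""
    monos = [sum(1 << i for i in c)
             for k in range(degree + 1)
             for c in itertools.combinations(range(n), k)]
    polys = [[mo for mo in monos if rng.random() < 0.5] for _ in range(m)]

    def f(x):
        out = 0
        for j, poly in enumerate(polys):
            bit = 0
            for mo in poly:
                bit ^= int((x & mo) == mo)   # monomial is 1 iff all its variables are 1
            out |= bit << j
        return out
    return f

def hash_map(n, m, key=b"constructed-key"):
    """Stand-in for a random function: SHA-256 truncated to m bits (assumption)."""
    def f(x):
        digest = hashlib.sha256(key + x.to_bytes((n + 7) // 8, "big")).digest()
        return int.from_bytes(digest, "big") & ((1 << m) - 1)
    return f

def derivative(f, x, directions):
    """Higher order derivative over GF(2): XOR of f over x + span(directions)."""
    acc = 0
    for r in range(len(directions) + 1):
        for subset in itertools.combinations(directions, r):
            point = x
            for a in subset:
                point ^= a
            acc ^= f(point)
    return acc

def looks_like_degree(f, n, degree, trials, rng):
    """True if every sampled derivative of order degree+1 vanishes.
    Each trial costs 2**(degree+1) evaluations of f."""
    for _ in range(trials):
        x = rng.getrandbits(n)
        dirs = [1 << i for i in rng.sample(range(n), degree + 1)]  # independent
        if derivative(f, x, dirs) != 0:
            return False
    return True
```

A function that passes `looks_like_degree` for small `degree` is distinguishable from a random function with a handful of chosen inputs, which is the weakness the abstract attributes to multivariate constructions.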