Showing papers on "Collision attack published in 1991"
11 Nov 1991
TL;DR: At Crypto '89 Ivan Damgard presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collisions free function with input of constant length that it is based upon.
Abstract: At Crypto '89 Ivan Damgard [1] presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collision free function with input of constant length that it is based upon. He also gave three examples of collision free functions to use in this construction. For two of these examples collisions have been found[2]
54 citations
01 Feb 1991
TL;DR: This paper shows that five hash functions are not collision free, including the assumptions that an attacker can modify an initial value of the hash function.
Abstract: Hash functions are used to compress messages into digital signatures. A hash function has to be collision free; i.e., it must be computationally infeasible to construct different messages which output the same hash-value. This paper shows that five hash functions are not collision free, including the assumptions that an attacker can modify an initial value of the hash function. These hash functions are analyzed from the standpoints of their structure, the complementation property and the weak keys of the block ciphers used in them. As a result, it is clear that many pairs of messages can be created to generate the same hash-values. Therefore, users desiring to use these hash functions should be notified of their weakness.
37 citations
TL;DR: It is shown that if the hash function is a tree function, then the system is vulnerable to a chosen ciphertext attack and, under certain circumstances, to a choices plaintext attack.
Abstract: A number of encryption systems work by combining each plaintext bit with a hash function of the last n ciphertext bits. Such systems are self-synchronising in that they recover from ciphertext errors with an error extension of n. We show firstly that if the hash function is a tree function, then the system is vulnerable to a chosen ciphertext attack and, under certain circumstances, to a chosen plaintext attack; secondly, that all hash functions are equivalent to some tree function; thirdly, that whether or not this gives a computable attack on a given algorithm depends on the connectivity of a graph associated with the hash function; and, fourthly, the implications for DES, for RSA key selection, and for algorithm design in general.
13 citations
11 Nov 1991
TL;DR: A method is described to generate collisions for the hash function FFT-Hash that was presented by Claus Schnorr at Crypto '91 and a set of colliding messages is given that was obtained.
Abstract: A method is described to generate collisions for the hash function FFT-Hash that was presented by Claus Schnorr at Crypto '91. A set of colliding messages is given that was obtained by this method.
6 citations
01 Jan 1991
6 citations