Topic

Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
01 Jan 2010
TL;DR: It is proved that the known generic second preimage attacks against the Merkle-Damgård construction are optimal, and that there is no generic second preimage attack faster than exhaustive search on Haifa, a recent proposal by Biham and Dunkelman.
Abstract: Most cryptographic hash functions rely on a simpler primitive called a compression function, and in nearly all cases, there is a reduction between some of the security properties of the full hash function and those of the compression function. For instance, a celebrated result of Merkle and Damgård from 1989 states that a collision on the hash function cannot be found without finding a collision on the compression function at the same time. This is however not the case for another basic requirement, namely second preimage resistance. In fact, on many popular hash functions it is possible to find a second preimage on the iteration without breaking the compression function. This paper studies the resistance of two practical modes of operations of hash functions against such attacks. We prove that the known generic second preimage attacks against the Merkle-Damgård construction are optimal, and that there is no generic second preimage attack faster than exhaustive search on Haifa, a recent proposal by Biham and Dunkelman.

8 citations

Book ChapterDOI
01 Jan 2008
TL;DR: In this paper, the authors describe a preimage attack on the compression function of the cryptographic hash function Tiger-12 with complexity of \(2^{63.5}\) and first preimage with complexity \(2^{64.5}\).
Abstract: The cryptanalysis of the cryptographic hash function Tiger has, until now, focussed on finding collisions. In this paper we describe a preimage attack on the compression function of Tiger-12, i.e., Tiger reduced to 12 rounds out of 24, with a complexity of \(2^{63.5}\) compression function evaluations. We show how this can be used to construct second preimages with complexity \(2^{63.5}\) and first preimages with complexity \(2^{64.5}\) for Tiger-12. These attacks can also be extended to Tiger-13 at the expense of an additional factor of \(2^{64}\) in complexity.

8 citations

Proceedings ArticleDOI
27 Aug 2014
TL;DR: The robustness of reading cells of QR code which plays an important role in the authors' code is reported and the state of the progress for the implementation of the proposed system is reported.
Abstract: The matrix barcodes known as Quick Response (QR) codes, which enable us to import printed digital information into smart-phone or cell phone through its digital camera easily, are rapidly becoming widespread not only in Japan but also in Asia, Europe and America. However, an attacker is easily able to lead malicious web-sites by putting an unauthenticated QR code on an authenticated QR code. We propose a compatible 2d-code having tamper detection system with QR-code. In digital signature system, a hash value of a message is calculated firstly, and then the hash value is encrypted by a secret key which is a pair of public key cryptography system. Then, a sender sends the message and the encrypted hash value to a receiver. In the receiver side, the hash value of a sent message is calculated and the hash value with encrypted is decrypted using a public key which is a pair of public key cryptography system. The receiver can detect modification of the message by comparing the two hash values. The encrypted hash value is embedded by using Wet Paper code within cells of QR-codes. In this paper, we report the robustness of reading cells of QR code which plays an important role in our code and the state of the progress for the implementation of the proposed system.

8 citations

Book ChapterDOI
03 Dec 2017
TL;DR: In this paper, the authors proposed an improved cryptanalysis of the double-branch hash function RIPEMD-160 standardized by ISO/IEC, where the left branch is sparse and the right branch is controlled as sparse as possible.
Abstract: In this paper, we propose an improved cryptanalysis of the double-branch hash function RIPEMD-160 standardized by ISO/IEC. Firstly, we show how to theoretically calculate the step differential probability of RIPEMD-160, which was stated as an open problem by Mendel et al. at ASIACRYPT 2013. Secondly, based on the method proposed by Mendel et al. to automatically find a differential path of RIPEMD-160, we construct a 30-step differential path where the left branch is sparse and the right branch is controlled as sparse as possible. To ensure the message modification techniques can be applied to RIPEMD-160, some extra bit conditions should be pre-deduced and well controlled. These extra bit conditions are used to ensure that the modular difference can be correctly propagated. This way, we can find a collision of 30-step RIPEMD-160 with complexity \(2^{67}\). This is the first collision attack on round-reduced RIPEMD-160. Moreover, by a different choice of the message words to merge two branches and adding some conditions to the starting point, the semi-free-start collision attack on the first 36-step RIPEMD-160 from ASIACRYPT 2013 can be improved. However, the previous way to pre-compute the equation \(T^{\lll S_0}\boxplus C_0=(T\boxplus C_1)^{\lll S_1}\) costs too much. To overcome this obstacle, we are inspired by Daum’s et al. work on MD5 and describe a method to reduce the time complexity and memory complexity to pre-compute that equation. Combining all these techniques, the time complexity of the semi-free-start collision attack on the first 36-step RIPEMD-160 can be reduced by a factor of \(2^{15.3}\) to \(2^{55.1}\).

8 citations

Journal ArticleDOI
TL;DR: In this paper, the authors compare the state-of-the-art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks against SHA-3.
Abstract: In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round. An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differential attack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks. We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.

8 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
88% related
Public-key cryptography
27.2K papers, 547.7K citations
87% related
Hash function
31.5K papers, 538.5K citations
85% related
Encryption
98.3K papers, 1.4M citations
85% related
Computer security model
18.1K papers, 352.9K citations
82% related
Performance
Metrics
No. of papers in the topic in previous years
Year  Papers
2023  11
2022  24
2021  15
2020  13
2019  19
2018  15