Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.

Improved Collision Attack on MD4.

Abstract: In this paper, we propose an attack method to find collisions of MD4 hash function. This attack is the improved version of the attack which was invented by Xiaoyun Wang et al [1]. We were able to find collisions with probability almost 1, and the average complexity to find a collision is upper bounded by three times of MD4 hash operations. This result is improved compared to the original result of [1] where the probability were from 2−6 to 2−2, and the average complexity to find a collision was upper bounded by 2 MD4 hash operations. We also point out the lack of sufficient conditions and imprecise modifications for the original attack in [1]. keywords: Collision Attack, MD4, Hash Function, Message Modification

On Quantifying the Resistance of Concrete Hash Functions to Generic Multicollision Attacks

Abstract: Bellare and Kohno (2004) introduced the notion of balance to quantify the resistance of a hash function h to a generic collision attack. Motivated by their work, we consider the problem of quantifying the resistance of h to a generic multicollision attack. To this end, we introduce the notion of r -balance μr(h) of h and obtain bounds on the success probability of finding an r-collision in terms of μr(h). These bounds show that for a hash function with m image points, if the number of trials q is Θ(rm([(r-1)/(r)])μr(h)) , then it is possible to find r-collisions with a significant probability of success. The behavior of random functions and the expected number of trials to obtain an r-collision is studied. These results extend and complete the earlier results obtained by Bellare and Kohno (2004) for collisions (i.e., r=2). Going beyond their work, we provide a new design criteria to provide quantifiable resistance to generic multicollision attacks. Further, we make a detailed probabilistic investigation of the variation of r-balance over the set of all functions and obtain support for the view that most functions have r -balance close to one.

New observation on camellia

Abstract: In this paper, some observations on Camellia are presented, by which the Square attack and the Collision attack are improved. 11-round 256-bit Camellia without FL function is breakable with complexity of 2 250 encryptions. 9-round 128-bit Camellia without FL function is breakable with the complexity of 2 90 encryptions. And 10-round 256-bit Camellia with FL function is breakable with the complexity of 2 210 encryptions and 9-round 128-bit Camellia with FL function is breakable with the complexity of 2 122 encryptions. These results are better than any other known results. It concludes that the most efficient attack on Camellia is Square attack.

New Attacks on the Concatenation and XOR Hash Combiners

Abstract: We study the security of the concatenation combiner $$H_1M \Vert H_2M$$H1Mi¾?H2M for two independent iterated hash functions with n-bit outputs that are built using the Merkle-Damgard construction. In 2004 Joux showed that the concatenation combiner of hash functions with an n-bit internal state does not offer better collision and preimage resistance compared to a single strong n-bit hash function. On the other hand, the problem of devising second preimage attacks faster than $$2^n$$2n against this combiner has remained open since 2005 when Kelsey and Schneier showed that a single Merkle-Damgard hash function does not offer optimal second preimage resistance for long messages. In this paper, we develop new algorithms for cryptanalysis of hash combiners and use them to devise the first second preimage attack on the concatenation combiner. The attack finds second preimages faster than $$2^n$$2n for messages longer than $$2^{2n/7}$$22n/7 and has optimal complexity of $$2^{3n/4}$$23n/4. This shows that the concatenation of two Merkle-Damgard hash functions is not as strong a single ideal hash function. Our methods are also applicable to other well-studied combiners, and we use them to devise a new preimage attack with complexity of $$2^{2n/3}$$22n/3 on the XOR combiner $$H_1M \oplus H_2M$$H1Mi¾?H2M of two Merkle-Damgard hash functions. This improves upon the attack by Leurent and Wang presented at Eurocrypt 2015 whose complexity is $$2^{5n/6}$$25n/6 but unlike our attack is also applicable to HAIFA hash functions. Our algorithms exploit properties of random mappings generated by fixing the message block input to the compression functions of $$H_1$$H1 and $$H_2$$H2. Such random mappings have been widely used in cryptanalysis, but we exploit them in new ways to attack hash function combiners.