Topic

Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Proceedings ArticleDOI
20 Jun 2010
TL;DR: A signature scheme with message recovery that does not use a one-way hash function is proposed; it is secure and practical, and is shown to be secure against the parameter reduction attack and forgery attack.
Abstract: A digital signature scheme allows one to sign an electronic message and later the produced signature can be validated by the owner of the message or by any verifier. Most of the existing digital signature schemes were developed based on the use of hash function and message redundancy to resist against forgery attack. In this paper we propose a signature scheme with message recovery and without using one way hash function which is secure and practical. The proposed scheme is shown to be secure against the parameter reduction attack and forgery attack. Security of the scheme is based on the complexity of solving the discrete logarithm problem and integer factorization. The proposed scheme does not use message redundancy and is suitable to provide signature on long messages.

5 citations

Proceedings ArticleDOI
12 Dec 2008
TL;DR: It is shown that information-theoretical security against forgery under chosen message attacks is not possible, in the sense that given a sufficient number of observations of message/hash pairs, the entropy of the hash value of another message can be reduced arbitrarily.
Abstract: In many applications, it is often desirable to extract a consistent key from a multimedia object (e.g., an image), even when the object has gone through a noisy channel. For example, the extracted key can be used to generate content dependent watermarks to mitigate copy attacks, or for two or more parties to establish a session key from their noisy versions of the same object. Robust hash functions are useful in extracting such consistent keys. They differ from cryptographic hash functions in that small noise in the messages would yield the same hash value with high probability. However, the security of robust hash functions is not well understood. In this paper, we study different security notions of robust hash functions w.r.t. forgery attacks, where the goal of the attacker is to estimate the key (hash value) extracted from a given message. We show that information-theoretical security against forgery under chosen message attacks is not possible, in the sense that given a sufficient number of observations of message/hash pairs, the entropy of the hash value of another message can be reduced arbitrarily. We further give a construction that is computationally secure, where computing the hash value can still be computationally infeasible even if its entropy may not be high.

5 citations

Journal Article
TL;DR: A collision attack on SMASH is presented and it is conjectured that it works for all hash functions built following the design strategy of SMASH.
Abstract: We present a collision attack on SMASH. SMASH was proposed as a new hash function design strategy that does not rely on the structure of the MD4 family. The presented attack method allows us to produce almost any desired difference in the chaining variables of the iterated hash function. Due to the absence of a secret key, we are able to construct differences with probability 1. Furthermore, we get only few constraints on the colliding messages, which allows us to construct meaningful collisions. The presented collision attack uses negligible resources and we conjecture that it works for all hash functions built following the design strategy of SMASH.

5 citations

Book ChapterDOI
12 Dec 2010
TL;DR: In this paper, the authors carried out the first third party security analysis of Tav-128 and showed that this hash function is neither collision resistant nor second preimage resistant, and they showed that the concatenation of nonlinear functions A and B produces a 64-bit permutation from 32-bit messages. This could be a useful light weight primitive for future RFID protocols.
Abstract: Many RFID protocols use cryptographic hash functions for their security. The resource constrained nature of RFID systems forces the use of light weight cryptographic algorithms. Tav-128 is one such 128-bit light weight hash function proposed by Peris-Lopez et al. for a low-cost RFID tag authentication protocol. Apart from some statistical tests for randomness by the designers themselves, Tav-128 has not undergone any other thorough security analysis. Based on these tests, the designers claimed that Tav-128 does not possess any trivial weaknesses. In this article, we carry out the first third party security analysis of Tav-128 and show that this hash function is neither collision resistant nor second preimage resistant. Firstly, we show a practical collision attack on Tav-128 having a complexity of 2^37 calls to the compression function and produce message pairs of arbitrary length which produce the same hash value under this hash function. We then show a second preimage attack on Tav-128 which succeeds with a complexity of 2^62 calls to the compression function. Finally, we study the constituent functions of Tav-128 and show that the concatenation of nonlinear functions A and B produces a 64-bit permutation from 32-bit messages. This could be a useful light weight primitive for future RFID protocols.

5 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
88% related
Public-key cryptography
27.2K papers, 547.7K citations
87% related
Hash function
31.5K papers, 538.5K citations
85% related
Encryption
98.3K papers, 1.4M citations
85% related
Computer security model
18.1K papers, 352.9K citations
82% related
Performance
Metrics
No. of papers in the topic in previous years
Year: Papers
2023: 11
2022: 24
2021: 15
2020: 13
2019: 19
2018: 15