
Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Book Chapter
07 Jul 2008
TL;DR: It is shown that even in the powerful adversarial scenario first introduced by Liskov (SAC 2006) in which the underlying compression functions can be fully inverted, collisions in the concatenated hash cannot be created using fewer than 2^(n/2) queries.
Abstract: At Crypto 2004 Joux showed a novel attack against the concatenated hash combiner instantiated with Merkle-Damgard iterated hash functions. His method of producing multicollisions in the design was the first in a recent line of generic attacks against the Merkle-Damgard construction. In the same paper, Joux raised an open question concerning the strength of the concatenated hash combiner and asked whether his attack can be improved when the attacker can efficiently find collisions in both underlying compression functions. We solve this open problem by showing that even in the powerful adversarial scenario first introduced by Liskov (SAC 2006) in which the underlying compression functions can be fully inverted (which implies that collisions can be easily generated), collisions in the concatenated hash cannot be created using fewer than 2^(n/2) queries. We then expand this result to include the double pipe hash construction of Lucks from Asiacrypt 2005. One of the intermediate results is of interest on its own and provides the first streamable construction provably indifferentiable from a random oracle in this model.

42 citations

Journal Article
TL;DR: It is proved that the new hash functions are collision resistant under reasonable assumptions about the underlying compression function and/or block cipher, and a lower bound is shown on the number of operations to find a collision as a function of the strength of the underlying compressed function.
Abstract: This paper considers iterated hash functions. It proposes new constructions of fast and secure compression functions with nl-bit outputs for integers n>1 based on error-correcting codes and secure compression functions with l-bit outputs. This leads to simple and practical hash function constructions based on block ciphers such as the Data Encryption Standard (DES), where the key size is slightly smaller than the block size; IDEA, where the key size is twice the block size; Advanced Encryption Standard (AES), with a variable key size; and to MD4-like hash functions. Under reasonable assumptions about the underlying compression function and/or block cipher, it is proved that the new hash functions are collision resistant. More precisely, a lower bound is shown on the number of operations to find a collision as a function of the strength of the underlying compression function. Moreover, some new attacks are presented that essentially match the presented lower bounds. The constructions allow for a large degree of internal parallelism. The limits of this approach are studied in relation to bounds derived in coding theory.

42 citations

Book Chapter
10 Sep 2008
TL;DR: In this article, the authors present a probabilistic polynomial time algorithm for computing preimages for the Morgenstern hash function, an interesting variant of LPS hash.
Abstract: Collisions in the LPS cryptographic hash function of Charles, Goren and Lauter have been found by Zemor and Tillich [17], but it was not clear whether computing preimages was also easy for this hash function. We present a probabilistic polynomial time algorithm solving this problem. Subsequently, we study the Morgenstern hash, an interesting variant of LPS hash, and break this function as well. Our attacks build upon the ideas of Zemor and Tillich but are not straightforward extensions of it. Finally, we discuss fixes for the Morgenstern hash function and other applications of our results.

41 citations

Book Chapter
13 Apr 2008
TL;DR: It is shown that the outer key can be recovered with near-collisions instead of collisions: near-collisions can be easier to find and can disclose more information, which improves the complexity of the FLN attack on HMAC/NMAC-MD4.
Abstract: At Crypto '07, Fouque, Leurent and Nguyen presented full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5, by extending the partial key-recovery attacks of Contini and Yin from Asiacrypt '06. Such attacks are based on collision attacks on the underlying hash function, and the most expensive stage is the recovery of the so-called outer key. In this paper, we show that the outer key can be recovered with near-collisions instead of collisions: near-collisions can be easier to find and can disclose more information. This improves the complexity of the FLN attack on HMAC/NMAC-MD4: the number of MAC queries decreases from 2^88 to 2^72, and the number of MD4 computations decreases from 2^95 to 2^77. We also improved the total complexity of the related-key attack on NMAC-MD5. Moreover, our attack on NMAC-MD5 can partially recover the outer key without the knowledge of the inner key, which might be of independent interest.

41 citations

Book Chapter
23 Aug 2009
TL;DR: Although the attacks are not practical, they show that the security margin of 3-pass HAVAL and step-reduced MD5 with respect to preimage attacks is not as high as expected.
Abstract: This paper presents preimage attacks on the hash functions 3-pass HAVAL and step-reduced MD5. Introduced in 1992 and 1991 respectively, these functions underwent severe collision attacks, but no preimage attack. We describe two preimage attacks on the compression function of 3-pass HAVAL. The attacks have a complexity of about 2^224 compression function evaluations instead of 2^256. We present several preimage attacks on the MD5 compression function that invert up to 47 steps (out of 64) within 2^96 trials instead of 2^128. Although our attacks are not practical, they show that the security margin of 3-pass HAVAL and step-reduced MD5 with respect to preimage attacks is not as high as expected.

40 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 88% related
Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
Hash function: 31.5K papers, 538.5K citations, 85% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Computer security model: 18.1K papers, 352.9K citations, 82% related
Performance Metrics
No. of papers in the topic in previous years

Year   Papers
2023   11
2022   24
2021   15
2020   13
2019   19
2018   15