Topic
Collision attack
About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.
Papers published on a yearly basis
Papers
More filters
19 Mar 2008
TL;DR: The notion of multi-property preserving combiners is put forward, some aspects on different definitions for such combiners are clarified, and a construction that provably preserves collision resistance, pseudorandomness, "random-oracle-ness", target collision resistance and message authentication is proposed.
Abstract: A robust combiner for hash functions takes two candidate implementations and constructs a hash function which is secure as long as at least one of the candidates is secure. So far, hash function combiners only aim at preserving a single property such as collision-resistance or pseudorandomness. However, when hash functions are used in protocols like TLS they are often required to provide several properties simultaneously. We therefore put forward the notion of multi-property preserving combiners, clarify some aspects on different definitions for such combiners, and propose a construction that provably preserves collision resistance, pseudorandomness, "random-oracle-ness", target collision resistance and message authentication according to our strongest notion.
29 citations
22 Jun 2009
TL;DR: This work describes preimage attacks on several double-branch hash functions, and shows how to find preimages more efficiently on these hash functions.
Abstract: We describe preimage attacks on several double-branch hash functions. We first present meet-in-the-middle preimage attacks on RIPEMD, whose output length is 128 bits and internal state size is 256 bits. With this internal state size, a straightforward application of the meet-in-the-middle attack will cost the complexity of at least 2128, which gives no advantage compared to the brute force attack. We show two attacks on RIPEMD. The first attack finds pseudo-preimages and preimages of the first 33 steps with complexities of 2121 and 2125.5, respectively. The second attack finds pseudo-preimages and preimages of the intermediate 35 steps with complexities of 296 and 2113, respectively. We next present meet-in-the-middle preimage attacks on full Extended MD4, reduced RIPEMD-256, and reduced RIPEMD-320. The best known attack for these is the brute force attack. We show how to find preimages more efficiently on these hash functions.
29 citations
12 Aug 2010
TL;DR: This paper presents two algorithms for computing preimages, each algorithm having its own advantages in terms of speed and preimage lengths and produces theoretical and experimental evidence that both are very efficient and succeed with a very large probability on the function parameters.
Abstract: After 15 years of unsuccessful cryptanalysis attempts by the research community, Grassl et al. have recently broken the collision resistance property of the Tillich-Zemor hash function. In this paper, we extend their cryptanalytic work and consider the preimage resistance of the function.
We present two algorithms for computing preimages, each algorithm having its own advantages in terms of speed and preimage lengths. We produce theoretical and experimental evidence that both our algorithms are very efficient and succeed with a very large probability on the function parameters. Furthermore, for an important subset of these parameters, we provide a full proof that our second algorithm always succeeds in deterministic cubic time.
Our attacks definitely break the Tillich-Zemor hash function and show that it is not even one-way. Nevertheless, we point out that other hash functions based on a similar design may still be secure.
29 citations
Journal Article•
TL;DR: A collision attack and preimage attack on the MDC-2 construction was described in this paper, with time complexity 2124.5 and space complexity 2 n/2, respectively.
Abstract: We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an n -bit block cipher into a 2n -bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with n = 128, it has complexity 2124.5, which is to be compared to the birthday attack having complexity 2128. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about 2 n , which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity 23n /2 and space complexity 2 n /2, and to a brute force preimage attack having complexity 22n .
29 citations
02 Dec 2009
TL;DR: In this article, an improved differential cryptanalysis framework for finding collisions in hash functions is provided, which is based on linearization of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux.
Abstract: In this paper, an improved differential cryptanalysis framework for finding collisions in hash functions is provided. Its principle is based on linearization of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux. This is formalized and refined however in several ways: for the problem of finding a conforming message pair whose differential trail follows a linear trail, a condition function is introduced so that finding a collision is equivalent to finding a preimage of the zero vector under the condition function. Then, the dependency table concept shows how much influence every input bit of the condition function has on each output bit. Careful analysis of the dependency table reveals degrees of freedom that can be exploited in accelerated preimage reconstruction under the condition function. These concepts are applied to an in-depth collision analysis of reduced-round versions of the two SHA-3 candidates CubeHash and MD6, and are demonstrated to give by far the best currently known collision attacks on these SHA-3 candidates.
28 citations