Topic
Collision attack
About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.
Papers published on a yearly basis
Papers
More filters
[...]
TL;DR: A detailed simulation study is presented to identify the conditions under which TID hash joins are most beneficial and compare TIDhash join with adaptive hash join algorithms that are proposed to deal with mixed workloads.
Abstract: TID hash joins are a simple and memory-efficient method for processing large join queries. They are based on standard hash join algorithms but only store TID/key pairs in the hash table instead of entire ttrples. This typically reduces memory requirements by more than art order of magnitude bringing substantial benefits. In particular, performance for joins on Gigs-Byte relations can substantially be improved by reducing the amount of disk f/O to a large extent. Furthermore, efficient processing of mixed multi-user workloads consisting of both join queries and OLTP transactions is supported. We present a detailed simulation study to analyze the performance of TID hash joins. In particular, we identify the conditions under which TID hash joins are most beneficial. Furthermore, we compare TID hash join with adaptive hash join algorithms that have been proposed to deal with mixed workloads.
27 citations
19 Aug 2007
TL;DR: It is discussed that one can indeed have security-amplifying combiners where the security of the building blocks increases theSecurity of the combined hash function, thus beating the bound of Joux.
Abstract: The classical combiner CombH0, H1class (M) = H0(M)||H1(M) for hash functions H0, H1 provides collision-resistance as long as at least one of the two underlying hash functions is secure. This statement is complemented by the multi-collision attack of Joux (Crypto 2004) for iterated hash functions H0,H1 with n-bit outputs. He shows that one can break the classical combiner in n/2 ċ T0 + T1 steps if one can find collisions for H0 and H1 in time T0 and T1, respectively. Here we address the question if there are security-amplifying combiners where the security of the building blocks increases the security of the combined hash function, thus beating the bound of Joux. We discuss that one can indeed have such combiners and, somewhat surprisingly in light of results of Nandi and Stinson (ePrint 2004) and of Hoch and Shamir (FSE 2006), our solution is essentially as efficient as the classical combiner.
27 citations
02 Dec 2007
TL;DR: In this paper, a pseudo-near-collision for the full Tiger hash function with a complexity of about 247 hash computations and a pseudocollision (free-startcollision) for Tiger reduced to 23 rounds was presented.
Abstract: Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about 244 and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about 262. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 244. No attack is known for the full Tiger hash function.
In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about 247 hash computations and a pseudocollision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.
27 citations
14 Aug 2000
TL;DR: This work presents and analyzes attacks on additive stream ciphers that rely on linear equations that hold with non-trivial probability in plaintexts that are encrypted using distinct keys, and defines linear redundancy to characterize the vulnerability of a plaintext source to these attacks.
Abstract: We present and analyze attacks on additive stream ciphers that rely on linear equations that hold with non-trivial probability in plaintexts that are encrypted using distinct keys. These attacks extend Biham's key collision attack and Hellman's time memory tradeoff attack, and can be applied to any additive stream cipher. We define linear redundancy to characterize the vulnerability of a plaintext source to these attacks.
We show that an additive stream cipher with an n-bit key has an effective key size of n-min(l, lgM) against the key collision attack, and of 2n/3+ lg(n/3) + max(n - l, 0) against the time memory tradeoff attack, when the the attacker knows l linear equations over the plaintext and has M ciphertexts encrypted with M distinct unknown secret keys.
Lastly, we analyze the IP, TCP, and UDP protocols and some typical protocol constructs, and show that they contain significant linear redundancy. We conclude with observations on the use of stream ciphers for Internet security.
27 citations
21 Feb 2005
TL;DR: This paper contains several attacks on the hash function MD2 which has a hash code size of 128 bits, which lead to the first known (pseudo) collisions for the full MD2 (including the checksum), but where the initial values differ.
Abstract: This paper contains several attacks on the hash function MD2 which has a hash code size of 128 bits. At Asiacrypt 2004 Muller presents the first known preimage attack on MD2. The time complexity of the attack is about 2104 and the preimages consist always of 128 blocks. We present a preimage attack of complexity about 297 with the further advantage that the preimages are of variable lengths. Moreover we are always able to find many preimages for one given hash value. Also we introduce many new collisions for the MD2 compression function, which lead to the first known (pseudo) collisions for the full MD2 (including the checksum), but where the initial values differ. Finally we present a pseudo preimage attack of complexity 295 but where the preimages can have any desired lengths.
27 citations