
Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Book ChapterDOI
01 Dec 2005
TL;DR: Using techniques introduced by Wang et al.
Abstract: HAS-160 is a cryptographic hash function designed and used widely in Korea. While similar in structure to SHA-1, up to now there was no published attack or security analysis of the algorithm. Applying techniques introduced by Wang et al. [1], we have found a collision in the first 45 steps of HAS-160, with complexity 2^12.

20 citations

01 Jan 2009
TL;DR: The expander hash design, its main strengths and weaknesses and the security and efficiency of currently existing instances are studied and the malleability of expander hashes is captured by two definitions of the literature and its positive and negative consequences for applications are described.
Abstract: Hash functions are an invaluable tool for cryptography. They must primarily satisfy collision resistance, but standardized hash functions like SHA also satisfy stronger properties needed for the wide range of their applications. The design of many hash functions including SHA is based on a compression function that is close to a block cipher and on a domain extension transform like Merkle-Damgard. However, recent attacks against the collision resistance of SHA-1 suggest investigating new designs. The expander hash design, proposed in the early nineties by Zemor and Tillich and recently rediscovered by Charles, Goren and Lauter, consists in defining a cryptographic hash function from an expander graph. The design is simple and elegant and important hash function properties can be interpreted as graph properties. When Cayley expander graphs are used, collision resistance reduces to the hardness of group-theoretical problems. Although these problems are not classical in cryptography, they appear in different forms in other fields and in at least one case, they have remained unbroken since 1994. This thesis studies the expander hash design, its main strengths and weaknesses and the security and efficiency of currently existing instances. We introduce new functions, the Morgenstern hash function and the vectorial and projective versions of the Zemor-Tillich function. We study the security of particular constructions. We present new algorithms breaking the preimage resistance of the LPS hash function and the collision and preimage resistances of the Morgenstern hash function. We improve collision and preimage attacks against Zemor-Tillich and we describe hard and easy components of collision search for this function. We capture the malleability of expander hashes by two definitions of the literature and we describe its positive and negative consequences for applications. 
We introduce ZesT, an all-purpose hash function based on Zemor-Tillich, keeping its provable collision resistance and its parallelism but avoiding its malleability. Our function is provably secure, parallelizable, scalable, admits a wide range of (very) efficient implementations and can be used as a general-purpose hash function.

20 citations

Book ChapterDOI
26 Mar 2007
TL;DR: This cryptanalysis of a new 256-bit hash function, FORK-256, proposed by Hong et al. at FSE 2006, is based on some unexpected differentials existing for the step transformation and can be extended with no additional cost to find collisions for the full hash function.
Abstract: In this paper we present a cryptanalysis of a new 256-bit hash function, FORK-256, proposed by Hong et al. at FSE 2006. This cryptanalysis is based on some unexpected differentials existing for the step transformation. We show their possible uses in different attack scenarios by giving a 1-bit (resp. 2-bit) near collision attack against the full compression function of FORK-256 running with complexity of 2^125 (resp. 2^120) and with negligible memory, and by exhibiting a 22-bit near pseudo-collision. We also show that we can find collisions for the full compression function with a small amount of memory with complexity not exceeding 2^126.6 hash evaluations. We further show how to reduce this complexity to 2^109.6 hash computations by using 2^73 memory words. Finally, we show that this attack can be extended with no additional cost to find collisions for the full hash function, i.e. with the predefined IV.

20 citations

Book ChapterDOI
01 Dec 2013
Abstract: Side-Channel Analysis (SCA) is commonly used to recover secret keys involved in the implementation of publicly known cryptographic algorithms. On the other hand, Side-Channel Analysis for Reverse Engineering (SCARE) considers an adversary who aims at recovering the secret design of some cryptographic algorithm from its implementation. Most previously published SCARE attacks enable the recovery of some secret parts of a cipher design (e.g. the substitution boxes) assuming that the rest of the cipher is known. Moreover, these attacks are often based on an idealized leakage assumption where the adversary recovers noise-free side-channel information. In this paper, we address these limitations and describe a generic SCARE attack that can recover the full secret design of any iterated block cipher with common structure. Specifically, we consider the family of Substitution-Permutation Networks with either a classical structure as the AES or with a Feistel structure. Based on a simple and usual assumption on the side-channel leakage we show how to recover all parts of the design of such ciphers. We then relax our assumption and describe a practical SCARE attack that deals with noisy side-channel leakages.

20 citations

Proceedings ArticleDOI
Jega Anish Dev
04 Nov 2013
TL;DR: This paper quantifies the advantage of using the CPU simultaneously with the GPU for hash cracking and describes how a potential attacker could come to possess capabilities of hash rates of at least greater than 11 times the rate of the world's fastest GPU cluster based MD5 brute forcing machine with no investment.
Abstract: Cryptographic Hash functions find ubiquitous use in various applications like digital signatures, message authentication codes and other forms of digital security. Their associated vulnerabilities therefore make them a prevalent target for cyber criminals. Cracking a hash involves brute force which is generally extremely time or computing power intensive. Recent times have seen usage of GPUs for brute forcing hashes thus significantly accelerating the rate of hash generation during brute force. This has further been extended to simultaneous usage of multiple GPUs over multiple machines or building GPU clusters having multiple GPUs on a single machine. Attackers use these methods to crack hashes within practical durations of time, to the tune of hours or days, depending on the strength of the password. This paper quantifies the advantage of using the CPU simultaneously with the GPU for hash cracking and describes how a potential attacker, with respect to the size of the botnet used, could come to possess capabilities of hash rates of at least greater than 11 times the rate of the world's fastest GPU cluster based MD5 brute forcing machine with no investment.

20 citations

Related Topics (5)
- Cryptography: 37.3K papers, 854.5K citations, 88% related
- Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
- Hash function: 31.5K papers, 538.5K citations, 85% related
- Encryption: 98.3K papers, 1.4M citations, 85% related
- Computer security model: 18.1K papers, 352.9K citations, 82% related
Metrics: number of papers in the topic in previous years

Year  Papers
2023  11
2022  24
2021  15
2020  13
2019  19
2018  15