Topic

Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Book Chapter
23 Aug 2009
TL;DR: This paper shows preimage attacks on one-block MD4 and MD5 reduced to 63 (out of 64) steps, based on the meet-in-the-middle attack, and many additional improvements make the preimage computable faster than that of the brute-force attack, 2^128 hash computations.
Abstract: This paper shows preimage attacks on one-block MD4 and MD5 reduced to 63 (out of 64) steps. Our attacks are based on the meet-in-the-middle attack, and many additional improvements make the preimage computable faster than that of the brute-force attack, 2^128 hash computations. A preimage of one-block MD4 can be computed in the complexity of 2^107 MD4 compression function computations, and a preimage of MD5 reduced to 63 steps can be computed in the complexity of 2^121 MD5 compression function computations. Moreover, we optimize the computational order of the brute-force attack against MD5, and a preimage of full-round MD5 can be computed in the complexity of 2^127 MD5 compression function computations.

188 citations

Book Chapter
Shai Halevi, Hugo Krawczyk
20 Aug 2006
TL;DR: The goal is to free practical digital signature schemes from their current reliance on strong collision resistance by basing the security of these schemes on significantly weaker properties of the underlying hash function, thus providing a safety net in case the hashes in use turn out to be less resilient to collision search than initially thought.
Abstract: We propose randomized hashing as a mode of operation for cryptographic hash functions intended for use with standard digital signatures and without necessitating any changes in the internals of the underlying hash function (e.g., the SHA family) or in the signature algorithms (e.g., RSA or DSA). The goal is to free practical digital signature schemes from their current reliance on strong collision resistance by basing the security of these schemes on significantly weaker properties of the underlying hash function, thus providing a safety net in case the (current or future) hash functions in use turn out to be less resilient to collision search than initially thought. We design a specific mode of operation that takes into account engineering considerations (such as simplicity, efficiency and compatibility with existing implementations) as well as analytical soundness. Specifically, the scheme consists of a regular use of the hash function with randomization applied only to the message before it is input to the hash function. We formally show the sufficiency of weaker-than-collision-resistance assumptions for proving the security of the scheme.

187 citations

01 Jan 2000
TL;DR: An efficient distinguisher is constructed between 4 inner rounds of Rijndael and a random permutation of the block space, by exploiting the existence of collisions between some partial functions induced by the cipher.
Abstract: Rijndael is one of the five candidate block ciphers selected by NIST for the final phase of the AES selection process. The best attack on Rijndael so far is due to the algorithm designers; this attack is based upon the existence of an efficient distinguisher between 3 Rijndael inner rounds and a random permutation, and it is limited to 6 rounds for each of the three possible values of the key-size parameter (128 bits, 196 bits and 256 bits). In this paper, we construct an efficient distinguisher between 4 inner rounds of Rijndael and a random permutation of the block space, by exploiting the existence of collisions between some partial functions induced by the cipher. We present an attack based upon this 4-round distinguisher that requires 2 chosen plaintexts and is applicable to up to 7 rounds for the 196-key-bit and 256-key-bit versions of Rijndael. Since the minimal number of rounds in the Rijndael parameter settings proposed for AES is 10, our attack does not endanger the security of the cipher, indicate any flaw in the design, or prove any inadequacy in the selection of the number of rounds. The only claim we make is that our results represent improvements of the previously known cryptanalytic results on Rijndael.

186 citations

Book
01 Jan 2010
TL;DR: In this article, the SHA-3 side-channel attacks and countermeasures were evaluated using FPGA-based hardware. However, side-channel attacks were not considered in this paper.
Abstract (table of contents):
Low Cost Cryptography
Quark: A Lightweight Hash
PRINTcipher: A Block Cipher for IC-Printing
Sponge-Based Pseudo-Random Number Generators
Efficient Implementations I
A High Speed Coprocessor for Elliptic Curve Scalar Multiplications over .
Co-Z Addition Formulae and Binary Ladders on Elliptic Curves
Efficient Techniques for High-Speed Elliptic Curve Cryptography
Side-Channel Attacks and Countermeasures I
Analysis and Improvement of the Random Delay Countermeasure of CHES 2009
New Results on Instruction Cache Attacks
Correlation-Enhanced Power Analysis Collision Attack
Side-Channel Analysis of Six SHA-3 Candidates
Tamper Resistance and Hardware Trojans
Flash Memory 'Bumping' Attacks
Self-referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection
When Failure Analysis Meets Side-Channel Attacks
Efficient Implementations II
Fast Exhaustive Search for Polynomial Systems in .
256 Bit Standardized Crypto for 650 GE - GOST Revisited
Mixed Bases for Efficient Inversion in and Conversion Matrices of SubBytes of AES
SHA-3
Developing a Hardware Evaluation Method for SHA-3 Candidates
Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs
Performance Analysis of the SHA-3 Candidates on Exotic Multi-core Architectures
XBX: eXternal Benchmarking eXtension for the SUPERCOP Crypto Benchmarking Framework
Fault Attacks and Countermeasures
Public Key Perturbation of Randomized RSA Implementations
Fault Sensitivity Analysis
PUFs and RNGs
An Alternative to Error Correction for SRAM-Like PUFs
New High Entropy Element for FPGA Based True Random Number Generators
The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes
New Designs
Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs
ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware
Side-Channel Attacks and Countermeasures II
Provably Secure Higher-Order Masking of AES
Algebraic Side-Channel Analysis in the Presence of Errors
Coordinate Blinding over Large Prime Fields

181 citations

Posted Content
TL;DR: In this article, a side-channel based collision attack is proposed to break an AES implementation based on the corrected version of the masked S-box of Canright and Batina presented at ACNS 2008.
Abstract: Side-channel based collision attacks are a mostly disregarded alternative to DPA for analyzing unprotected implementations. The advent of strong countermeasures, such as masking, has made further research in collision attacks seemingly in vain. In this work, we show that the principles of collision attacks can be adapted to efficiently break some masked hardware implementations of the AES which still have first-order leakage. The proposed attack breaks an AES implementation based on the corrected version of the masked S-box of Canright and Batina presented at ACNS 2008, which is supposed to be resistant against first-order attacks. It requires only six times the number of traces necessary for breaking a comparable unprotected implementation. At the same time, the presented attack has minimal requirements on the abilities and knowledge of an adversary. The attack requires no detailed knowledge about the design, nor does it require a training phase.

180 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 88% related
Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
Hash function: 31.5K papers, 538.5K citations, 85% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Computer security model: 18.1K papers, 352.9K citations, 82% related
Performance Metrics
No. of papers in the topic in previous years
Year   Papers
2023   11
2022   24
2021   15
2020   13
2019   19
2018   15