Topic: Collision attack
About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers

Journal ArticleDOI
TL;DR: This paper proposes multiple-collision trapdoor hash families based on discrete logarithm and factoring assumptions, provides formal proofs of their security, and introduces an efficient on-line/off-line signature scheme based on the proposed trapdoor hash families.
Abstract: The first on-line/off-line signature scheme introduced by Even et al. in 1990 has two problems: (a) impractical signature length and (b) a one-time use of signature generated during the off-line phase. In 2001, Shamir and Tauman significantly shortened the length of the signature by using trapdoor hash families introduced by Krawczyk and Rabin in 2000. However, each trapdoor hash value and its signature in the off-line phase of Shamir and Tauman's signature scheme can be used for signing only one message in the on-line phase. In this paper, we propose multiple-collision trapdoor hash families based on discrete logarithm and factoring assumptions, and provide formal proofs of their security. We also introduce an efficient on-line/off-line signature scheme based on our proposed trapdoor hash families. Our on-line/off-line signature scheme can re-use a trapdoor hash value for signing multiple messages. If a signer includes this trapdoor hash value in the public-key digital certificate, there is no need to have any regular digital signature scheme to sign the trapdoor hash value in the off-line phase.

18 citations

Book ChapterDOI
26 May 2013
TL;DR: A new cryptanalysis method for double-branch hash functions, attacking each branch separately and then merging them with free message blocks, shows that the 16-year-old RIPEMD-128, one of the last unbroken primitives belonging to the MD-SHA family, might not be as secure as originally thought.
Abstract: In this article we propose a new cryptanalysis method for double-branch hash functions that we apply on the standard RIPEMD-128, greatly improving over known results. Namely, we were able to build a very good differential path by placing one non-linear differential part in each computation branch of the RIPEMD-128 compression function, but not necessarily in the early steps. In order to handle the low differential probability induced by the non-linear part located in later steps, we propose a new method for using the freedom degrees, by attacking each branch separately and then merging them with free message blocks. Overall, we present the first collision attack on the full RIPEMD-128 compression function as well as the first distinguisher on the full RIPEMD-128 hash function. Experiments on a reduced number of rounds were conducted, confirming our reasoning and complexity analysis. Our results show that the 16-year-old RIPEMD-128, one of the last unbroken primitives belonging to the MD-SHA family, might not be as secure as originally thought.

17 citations

Proceedings ArticleDOI
07 Nov 2012
TL;DR: This paper deals with an original application of the SAT problem to encode the well-known MD?
Abstract: The SATisfiability Problem is a core problem in mathematical logic and computing theory. In recent years, progress has made it a great and competitive approach to practically solve a wide range of industrial and academic problems. Thus, the current SAT solving capacity allows the propositional formalism to be an interesting alternative for tackling cryptographic problems, and in particular introduced a new field called logical cryptanalysis [15]. This paper deals with an original application of the SAT problem to encode the well-known MD? and SHA? hash function algorithms in a generic DIMACS formula. As cryptographic hash functions are central elements in modern cryptography, we choose to validate our modelisation with a dedicated attack on the inversion of these functions. This attack behaves like a reverse-engineering process, thanks to a state of the art SAT solver achieving a weakening of the second preimage of MD? and SHA?. As a result, we present our modelisation and an improvement of the current limit of best practical attacks on step-reduced MD4, MD5 and SHA? inversions, respectively up to 39, 28 and 23 broken steps. Finally, a brief analysis of our results allows us to give an idea about logical cryptanalysis and hash functions.

17 citations

Book ChapterDOI
13 Oct 2010
TL;DR: The generic analysis gives a simpler proof than the FSE'09 analysis of TANDEM-DM while also tightening the security bound, and the collision resistance bound for CYCLIC-DM diminishes with an increasing cycle length c.
Abstract: We give collision resistance bounds for blockcipher based, double-call, double-length hash functions using (k, n)-bit blockciphers with k > n. Ozen and Stam recently proposed a framework [21] for such hash functions that use 3n-to-2n-bit compression functions and two parallel calls to two independent blockciphers with 2n-bit key and n-bit block size. We take their analysis one step further. We first relax the requirement of two distinct and independent blockciphers. We then extend this framework and also allow using the ciphertext of the first call to the blockcipher as an input to the second call of the blockcipher. As far as we know, our extended framework currently covers any double-length, double-call blockcipher based hash function known in the literature using a (2n, n)-bit blockcipher as, e.g., ABREAST-DM, TANDEM-DM [15], CYCLIC-DM [9] and Hirose's FSE'06 proposal [13]. Our generic analysis gives a simpler proof than the FSE'09 analysis of TANDEM-DM while also tightening the security bound. The collision resistance bound for CYCLIC-DM given in [9] diminishes with an increasing cycle length c. We improve this bound for cycle lengths larger than 26.

17 citations

Posted Content
TL;DR: A new approach is presented that produces a 192-bit message digest and uses a modified message expansion mechanism which generates more bit differences in each working variable to make the algorithm more secure.
Abstract: Cryptographic hash functions play a central role in cryptography. Hash functions were introduced in cryptology to provide message integrity and authentication. MD5, SHA1 and RIPEMD are among the most commonly used message digest algorithms. Recently proposed attacks on well known and widely used hash functions motivate the design of new, stronger hash functions. In this paper a new approach is presented that produces a 192-bit message digest and uses a modified message expansion mechanism which generates more bit differences in each working variable to make the algorithm more secure. This hash function is collision resistant and assures good compression and preimage resistance.

17 citations


Network Information

Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 88% related
Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
Hash function: 31.5K papers, 538.5K citations, 85% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Computer security model: 18.1K papers, 352.9K citations, 82% related

Performance Metrics

No. of papers in the topic in previous years

Year  Papers
2023  11
2022  24
2021  15
2020  13
2019  19
2018  15