
Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Book Chapter
29 Nov 2007
TL;DR: The authors present a collision attack on the hash function HAS-160 reduced to 53 steps, which has a complexity of about 2^35 hash computations and is based on the work of Cho et al., presented at ICISC 2006.
Abstract: HAS-160 is an iterated cryptographic hash function that is widely used in Korea. In this article, we present a collision attack on the hash function HAS-160 reduced to 53-steps. The attack has a complexity of about 2^35 hash computations. It is based on the work of Cho et al. presented at ICISC 2006. We improve the attack complexity of Cho et al. by a factor of about 2^20 using a slightly different strategy for message modification in the first 20 steps of the hash function and present the first actual colliding message pair for 53-step HAS-160. Furthermore, we show how the attack can be extended to 59-step HAS-160 by using a characteristic spanning over two message blocks.

16 citations

Journal Article
Yantao Li
01 May 2016 - Optik
TL;DR: This paper utilizes message extension to enhance the correlation of plaintexts in the message and an aggregation operation to improve the relation of sequences of message blocks, which significantly increases the sensitivity between message and hash values, thereby greatly resisting collisions.

16 citations

Journal Article
TL;DR: In this article, the influence of collision-finding attacks on the security of time-stamping schemes was studied and necessary and sufficient conditions for client side hash functions were derived by using explicit separation techniques.
Abstract: We study the influence of collision-finding attacks on the security of time-stamping schemes. We distinguish between client-side hash functions used to shorten the documents before sending them to time-stamping servers and server-side hash functions used for establishing one way causal relations between time stamps. We derive necessary and sufficient conditions for client side hash functions and show by using explicit separation techniques that neither collision-resistance nor 2nd preimage resistance is necessary for secure time-stamping. Moreover, we show that server side hash functions can even be not one-way. Hence, it is impossible by using black-box techniques to transform collision-finders into wrappers that break the corresponding time-stamping schemes. Each such wrapper should analyze the structure of the hash function. However, these separations do not necessarily hold for more specific classes of hash functions. Considering this, we take a more detailed look at the structure of practical hash functions by studying the Merkle-Damgard (MD) hash functions. We show that attacks, which are able to find collisions for MD hash functions with respect to randomly chosen initial states, also violate the necessary security conditions for client-side hash functions. This does not contradict the black-box separations results because the MD structure is already a deviation from the black-box setting. As a practical consequence, MD5, SHA-0, and RIPEMD are no more recommended to use as client-side hash functions in time-stamping. However, there is still no evidence against using MD5 (or even MD4) as server-side hash functions.

16 citations

Book Chapter
07 Feb 2010
TL;DR: A pseudo-preimage attack on the Tiger compression function that adopts the meet-in-the-middle approach and derives several properties or weaknesses in both the key schedule function and the step function of the Tiger compression function, which gives more freedom to separate the Tiger compression function.
Abstract: This paper evaluates the preimage resistance of the Tiger hash function. We will propose a pseudo-preimage attack on its compression function up to 23 steps with a complexity of 2^181, which can be converted to a preimage attack on 23-step Tiger hash function with a complexity of 2^187.5. The memory requirement of these attacks is 2^22 words. Our pseudo-preimage attack on the Tiger compression function adopts the meet-in-the-middle approach. We will divide the computation of the Tiger compression function into two independent parts. This enables us to transform the target of finding a pseudo-preimage to another target of finding a collision between two independent sets of some internal state, which will reduce the complexity. In order to maximize the number of the attacked steps, we derived several properties or weaknesses in both the key schedule function and the step function of the Tiger compression function, which gives us more freedom to separate the Tiger compression function.

16 citations

Book Chapter
18 Feb 2002
TL;DR: A new signature forgery attack on PKCS #1 v1.5 signatures is described, possible even with a strong hash function, based on choosing a new (and suspicious-looking) hash function identifier as part of the attack.
Abstract: The security of many signature schemes depends on the verifier's assurance that the same hash function is applied during signature verification as during signature generation. Several schemes provide this assurance by appending a hash function identifier to the hash value. We show that such "hash function firewalls" do not necessarily prevent an opponent from forging signatures with a weak hash function, and we give "weak hash function" attacks on several signature schemes that employ such firewalls. We also describe a new signature forgery attack on PKCS #1 v1.5 signatures, possible even with a strong hash function, based on choosing a new (and suspicious-looking) hash function identifier as part of the attack.

16 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 88% related
Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
Hash function: 31.5K papers, 538.5K citations, 85% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Computer security model: 18.1K papers, 352.9K citations, 82% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    11
2022    24
2021    15
2020    13
2019    19
2018    15