Amplifying Collision Resistance: A Complexity-Theoretic Treatment
نویسندگان
چکیده
We initiate a complexity-theoretic treatment of hardness amplification for collision-resistant hash functions, namely the transformation of weakly collision-resistant hash functions into strongly collision-resistant ones in the standard model of computation. We measure the level of collision resistance by the maximum probability, over the choice of the key, for which an efficient adversary can find a collision. The goal is to obtain constructions with short output, short keys, small loss in adversarial complexity tolerated, and a good trade-off between compression ratio and computational complexity. We provide an analysis of several simple constructions, and show that many of the parameters achieved by our constructions are almost optimal in some sense.
منابع مشابه
Security-Amplifying Combiners for Collision-Resistant Hash Functions
The classical combiner Comb01 class (M) = H0(M)||H1(M) for hash functions H0, H1 provides collision-resistance as long as at least one of the two underlying hash functions is secure. This statement is complemented by the multi-collision attack of Joux (Crypto 2004) for iterated hash functions H0, H1 with n-bit outputs. He shows that one can break the classical combiner in n 2 · T0 + T1 steps if...
متن کاملProvable Security of the Knudsen-Preneel Compression Functions
This paper discusses the provable security of the compression functions introduced by Knudsen and Preneel [?,?,?] that use linear error-correcting codes to build wide-pipe compression functions from underlying blockciphers operating in Davies-Meyer mode. In the information theoretic model, we prove that the Knudsen-Preneel compression function based on an [r, k, d]2e code is collision resistant...
متن کاملDesign and Analysis of Multi-Block-Length Hash Functions
Cryptographic hash functions are used in many cryptographic applications, and the design of provably secure hash functions (relative to various security notions) is an active area of research. Most of the currently existing hash functions use the Merkle–Damgård paradigm, where by appropriate iteration the hash function inherits its collision and preimage resistance from the underlying compressi...
متن کاملA Navigation System for Autonomous Robot Operating in Unknown and Dynamic Environment: Escaping Algorithm
In this study, the problem of navigation in dynamic and unknown environment is investigated and a navigation method based on force field approach is suggested. It is assumed that the robot performs navigation in...
متن کاملHow to Forge DES - EncryptedMessages
In this paper we suggest key-collision attacks, and show that the theoretic strength of a cipher cannot exceed the square root of the size of the key space. As a result, in some circumstances, some DES keys can be recovered while they are still in use, and these keys can then be used to forge messages: in particular, one key of DES can be recovered with complexity 2 28 , and one key of (three-k...
متن کامل