Faster Multicollisions
Author
Abstract
Joux’s multicollision attack is one of the most striking results on hash functions and also one of the simplest: it computes a k-collision on iterated hashes in time ⌈log2 k⌉ · 2 , whereas k! · 2 was thought to be optimal. Kelsey and Schneier improved this to 3 · 2 if storage 2 is available and if the compression function admits easily found fixed-points. This paper presents a simple technique that reduces this cost to 2 and negligible memory, when the IV can be chosen by the attacker. Additional benefits are shorter messages than the Kelsey/Schneier attack and cost-optimality.
Similar resources
Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions
In this paper, we study the existence of multicollisions in iterated hash functions. We show that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, i.e. pairs of messages, even for extremely large values of r. More precisely, the ratio of the complexities of the attacks is approximately equal to the logarithm...
Examples of differential multicollisions for 13 and 14 rounds of AES-256
Here we present practical differential q-multicollisions for AES-256. In our paper [1] q-multicollisions are found with complexity q · 2. We relax conditions on the plaintext difference ∆P allowing some bytes to vary and find multicollisions for 13 and 14 round AES with complexity q · 2. Even with the relaxation there is still a large complexity gap between our algorithm and the lower bound tha...
Hash function security: cryptanalysis of the Very Smooth Hash and multicollisions in generalised iterated hash functions
In recent years, the amount of electronic communication has grown enormously. This has posed some new problems in information security. In particular, the methods in cryptography have been under much scrutiny. There are several basic primitives that modern cryptographic protocols utilise. One of these is hash functions, which are used to compute short hash values from messages of any length. In...
Quantum Multicollision-Finding Algorithm
The current paper presents a new quantum algorithm for finding multicollisions, often denoted by l-collisions, where an l-collision for a function is a set of l distinct inputs having the same output value. Although it is fundamental in cryptography, the problem of finding multicollisions has not received much attention in a quantum setting. The tight bound of quantum query complexity for findi...