Stam's Collision Resistance Conjecture
Abstract
At CRYPTO 2008 Stam [7] made the following conjecture: if an (m + s)-bit to s-bit compression function F makes r calls to a primitive f of n-bit input, then a collision for F can be obtained (with high probability) using r2 queries to f. For example, a 2n-bit to n-bit compression function making two calls to a random function of n-bit input cannot have collision security exceeding 2. We prove this conjecture up to a constant multiplicative factor and under the condition m := (2m − n(r − 1))/(r + 1) ≥ log2(17). This covers nearly all cases r = 1 of the conjecture and the aforementioned example of a 2n-bit to n-bit compression function making two calls to a primitive of n-bit input.
Similar resources
Stam's Conjecture and Threshold Phenomena in Collision Resistance
At CRYPTO 2008 Stam [8] conjectured that if an (m+s)-bit to s-bit compression function F makes r calls to a primitive f of n-bit input, then a collision for F can be obtained (with high probability) using r2 queries to f, which is sometimes less than the birthday bound. Steinberger [9] proved Stam’s conjecture up to a constant multiplicative factor for most cases in which r = 1 and for certain...
Can We Construct Unbounded Time-Stamping Schemes from Collision-Free Hash Functions?
It has been known for quite some time that collision-resistance of hash functions does not seem to give any actual security guarantees for unbounded hash-tree time-stamping, where the size of the hash-tree created by the time-stamping service is not explicitly restricted. We focus on the possibility of showing that there exist no black-box reductions of unbounded time-stamping schemes to collisi...
Hash Functions Based on Three Permutations: A Generic Security Analysis
We consider the family of 2n-to-n-bit compression functions that are solely based on at most three permutation executions and on XOR-operators, and analyze its collision and preimage security. Despite their elegance and simplicity, these designs are not covered by the results of Rogaway and Steinberger (CRYPTO 2008). By defining a carefully chosen equivalence relation on this family of compress...
Simultaneous Resettability from Collision Resistance
In FOCS 2001, Barak, Goldreich, Goldwasser and Lindell conjectured that the existence of ZAPs, introduced by Dwork and Naor in FOCS 2000, could lead to the design of a zero-knowledge proof system that is secure against both resetting provers and resetting verifiers. Their conjecture has been proven true by Deng, Goyal and Sahai in FOCS 2009 where both ZAPs and collision-resistant hash functions ...
The Shapiro Conjecture: Prompt or Delayed Collapse in the head-on collision of neutron stars?
We study the question of prompt vs. delayed collapse in the head-on collision of two neutron stars. We show that the prompt formation of a black hole is possible, contrary to a conjecture of Shapiro which claims that collapse is delayed until after neutrino cooling. We discuss the insight provided by Shapiro’s conjecture and its limitation. An understanding of the limitation of the conjecture i...