On an Approach to Compute (at Least) Almost Exact Probabilities for Differential Hash Collision Paths

Gebhardt, Max ; Illies, Georg ; Schindler, Werner
Eds.: Alkassar, A. ; Siekmann, J. (2008)
On an Approach to Compute (at Least) Almost Exact Probabilities for Differential Hash Collision Paths.
Bonn
Conference publication, bibliography

Abstract

This paper presents a new, generally applicable method to compute the probability of given differential (near-)collision paths in Merkle-Damgård-type hash functions. The path probability determines the expected workload to generate a collision (and thus the true risk potential of a particular attack). In particular, if the expected workload appears to be in a borderline region between practical feasibility and non-feasibility (as for SHA-1 collisions, for instance), it is desirable to know these probabilities as exactly as possible. For MD5 we verified the accuracy of our approach experimentally. Our results underline both that the number of bit conditions only provides a rough estimate for the true path probability and the impact of the IV. An expanded version of this paper can be found online [GIS4].

Item type: Conference publication
Published: 2008
Editors: Alkassar, A. ; Siekmann, J.
Author(s): Gebhardt, Max ; Illies, Georg ; Schindler, Werner
Type of entry: Bibliography
Title: On an Approach to Compute (at Least) Almost Exact Probabilities for Differential Hash Collision Paths
Language: English
Year of publication: April 2008
Publisher: Köllen
(Issue) number: P-128
Book title: Sicherheit 2008, Gesellschaft für Informatik
Series: Lecture Notes in Informatics
Event location: Bonn
Uncontrolled keywords: Secure Things; hash function, collision path, postaddition, probability, stochastic model
ID number: TUD-CS-2008-1130
Department(s)/division(s): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Date deposited: 30 Dec 2016 20:23
Last modified: 17 May 2018 13:02