Hash function balance and its impact on birthday attacks (2004)
Cached
Download Links
- [www.iacr.org]
- [eprint.iacr.org]
- [www.cs.ucsd.edu]
- [eprint.iacr.org]
- DBLP
Other Repositories/Bibliography
| Venue: | Advances in Cryptology – EUROCRYPT ’04, Lecture Notes in Computer Science |
| Citations: | 17 - 1 self |
BibTeX
@INPROCEEDINGS{Bellare04hashfunction,
author = {Mihir Bellare and Tadayoshi Kohno},
title = {Hash function balance and its impact on birthday attacks},
booktitle = {Advances in Cryptology – EUROCRYPT ’04, Lecture Notes in Computer Science},
year = {2004},
pages = {401--418},
publisher = {Springer-Verlag}
}
Years of Citing Articles
Bookmark
 |
 |
 |
 |
 |
 |
OpenURL
Abstract
Abstract. Textbooks tell us that a birthday attack on a hash function h with range size r requires r 1/2 trials (hash computations) to find a collision. But this is quite misleading, being true only if h is regular, meaning all points in the range have the same number of pre-images under h; if h is not regular, fewer trials may be required. But how much fewer? This paper addresses this question by introducing a measure of the “amount of regularity ” of a hash function that we call its balance, and then providing estimates of the success-rate of the birthday attack, and the expected number of trials to find a collision, as a function of the balance of the hash function being attacked. In particular, we will see that the number of trials can be significantly less than r 1/2 for hash functions of low balance. This leads us to examine popular design principles, such as the MD (Merkle-Damg˚ard) transform, from the point of view of balance preservation, and to mount experiments to determine the balance of popular hash functions. 1
