On the deterministic complexity of factoring polynomials over finite fields. Information Processing Letters.
Gaussian limiting distributions for the number of components in combinatorial structures. Journal of Combinatorial Theory Series A.
Existence and explicit constructions of q+1 regular Ramanujan graphs for every prime power q. Journal of Combinatorial Theory Series B.
Hash functions and Cayley graphs. Designs, Codes and Cryptography.
Group-theoretic hash functions. Proceedings of the First French-Israeli Workshop on Algebraic Coding.
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology.
Cryptographic Hash Functions from Expander Graphs. Journal of Cryptology.
Collisions for the LPS expander graph hash function. EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology.
Finding collisions in the full SHA-1. CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology.
VSH, an efficient and provable collision-resistant hash function. EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques.
Interpreting hash function security proofs. ProvSec'10 Proceedings of the 4th international conference on Provable security.
Preimages for the Tillich-Zémor hash function. SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography.
Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography.
Collisions in the LPS cryptographic hash function of Charles, Goren and Lauter have been found by Zémor and Tillich [17], but it was not clear whether computing preimages was also easy for this hash function. We present a probabilistic polynomial time algorithm solving this problem. Subsequently, we study the Morgenstern hash, an interesting variant of LPS hash, and break this function as well. Our attacks build upon the ideas of Zémor and Tillich but are not straightforward extensions of them. Finally, we discuss fixes for the Morgenstern hash function and other applications of our results.