How easy is collision search? Application to DES
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Handbook of Applied Cryptography
Handbook of Applied Cryptography
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Formal aspects of mobile code security
Formal aspects of mobile code security
Multi-collision attack on the compression functions of MD4 and 3-pass HAVAL
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Domain extension of public random functions: beyond the birthday Barrier
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Second preimage attacks on dithered hash functions
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
How (not) to efficiently dither blockcipher-based hash functions?
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Preimage and collision attacks on MD2
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Birthday paradox for multi-collisions
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Multicollision Attacks on Some Generalized Sequential Hash Functions
IEEE Transactions on Information Theory
Variants of multicollision attacks on iterated hash functions
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
| Hi-index | 0.00 |
Joux’s multicollision attack is one of the most striking results on hash functions and also one of the simplest: it computes a kcollision on iterated hashes in time [log2 k&]·2n/2, whereas k!1/k ·2n(k−1)/k was thought to be optimal. Kelsey and Schneier improved this to 3 · 2n/2 if storage 2n/2 is available and if the compression functions admits easily found fixed-points. This paper presents a simple technique that reduces this cost to 2n/2 and negligible memory, when the IV can be chosen by the attacker. Additional benefits are shorter messages than the Kelsey/Schneier attack and cost-optimality.