The security of the cipher block chaining message authentication code
Journal of Computer and System Sciences
On the Length of Cryptographic Hash-Values Used in Identification Schemes
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
PayWord and MicroMint: Two Simple Micropayment Schemes
Proceedings of the International Workshop on Security Protocols
Design Validations for Discrete Logarithm Based Signature Schemes
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Combinatorial multicollision attacks on generalized iterated hash functions
AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
Variants of multicollision attacks on iterated hash functions
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Unavoidable regularities in long words with bounded number of symbol occurrences
COCOON'11 Proceedings of the 17th annual international conference on Computing and combinatorics
A lightweight 256-bit hash function for hardware and low-end devices: lesamnta-LW
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Multicollisions and graph-based hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Unavoidable regularities in long words with bounded number of symbol occurrences
Journal of Combinatorial Optimization
Hi-index | 0.00 |
In this paper, we study multi-collision probability. For a hash function H:D → R with |R| = n, it has been believed that we can find an s-collision by hashing Q = n(s-1)/s times. We first show that this probability is at most 1/s! for any s, which is very small for large s (for example, s = n(s-1)/s). Thus the above folklore is wrong for large s. We next show that if s is small, so that we can assume Q-s ≈ Q, then this probability is at least 1/s!-1/2(s!)2, which is very high for small s (for example, s is a constant). Thus the above folklore is true for small s. Moreover, we show that by hashing (s!)1/s × Q + s-1 (≤ n) times, an s-collision is found with probability approximately 0.5 for any n and s such that (s!/n)1/s ≈ 0. Note that if s = 2, it coincides with the usual birthday paradox. Hence it is a generalization of the birthday paradox to multi-collisions.