A symbolic intruder model for hash-collision attacks

  • Authors: Yannick Chevalier; Mounira Kourjieh
  • Affiliations: IRIT, Université Paul Sabatier, France (both authors)
  • Venue: ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
  • Year: 2006

Abstract

In recent years, several practical methods have been published for computing collisions on some commonly used hash functions. Starting from two messages m1 and m2, these methods make it possible to compute m′1 and m′2, similar to the former, such that they have the same image under a given hash function. In this paper we present a method to take into account, at the symbolic level, that an intruder actively attacking a protocol execution may use these collision algorithms in reasonable time during the attack. This decision procedure relies on the reduction of constraint solving for an intruder exploiting the collision properties of hash functions to constraint solving for an intruder operating on words, that is, with an associative concatenation symbol. The decidability of the latter is interesting in its own right, as it is the first decidability result that we are aware of for an intruder system for which unification is infinitary, and it makes it possible to consider, in other contexts, an associative concatenation of messages instead of their pairing.