Cryptanalysis of the Tillich–Zémor Hash Function

  • Authors:

  • Markus Grassl;Ivana Ilić;Spyros Magliveras;Rainer Steinwandt

  • Affiliations:

  • National University of Singapore, Centre for Quantum Technologies (CQT), S15 #03-11, 3 Science Drive 2, 117543, Singapore, Singapore;Florida Atlantic University, Center for Cryptology and Information Security, Department of Mathematical Sciences, 777 Glades Road, 33431, Boca Raton, FL, USA;Florida Atlantic University, Center for Cryptology and Information Security, Department of Mathematical Sciences, 777 Glades Road, 33431, Boca Raton, FL, USA;Florida Atlantic University, Center for Cryptology and Information Security, Department of Mathematical Sciences, 777 Glades Road, 33431, Boca Raton, FL, USA

  • Venue:
  • Journal of Cryptology
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

At CRYPTO ’94, Tillich and Zémor proposed a family of hash functions, based on computing a suitable matrix product in groups of the form $SL_{2}(\mathbb{F}_{2^{n}})$. We show how to construct collisions between palindromic bit strings of length 2n+2 for Tillich and Zémor’s construction. The approach also yields collisions for related proposals by Petit et al. from ICECS ’08 and CT-RSA ’09. It seems fair to consider our attack as practical: for parameters of interest, the colliding bit strings have a length of a few hundred bits and can be found on a standard PC within seconds.