Current techniques for collision search with feasible memory requirements involve pseudo-random walks through some space where one must wait for the result of the current step before the next step can begin. These techniques are serial in nature, and direct parallelization is inefficient. We present a simple new method of parallelizing collision searches that greatly extends the reach of practical attacks. The new method is illustrated with applications to hash functions and discrete logarithms in cyclic groups. In the case of hash functions, we begin with two messages: the first is a message that we want our target to digitally sign, and the second is a message that the target is willing to sign. Using collision search adapted for hashing collisions, one can find slightly altered versions of these messages such that the two new messages give the same hash result. As a particular example, a $10 million custom machine for applying parallel collision search to the MD5 hash function could complete an attack with an expected run time of 24 days. This machine would be specific to MD5, but could be used for any pair of messages. For discrete logarithms in cyclic groups, ideas from Pollard's rho and lambda methods for index computation are combined to allow efficient parallel implementation using the new method. As a concrete example, we consider an elliptic curve cryptosystem over GF(2^155) with the order of the curve having a largest prime factor of approximate size 10^36. A $10 million machine custom built for this finite field could compute a discrete logarithm with an expected run time of 36 days.
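The following is an added example, not code from the paper, showing the mechanics the abstract describes for the hash-function case: independent pseudo-random walks that run until they hit a "distinguished point", a shared table keyed on those points, and back-tracking along two merged trails to recover the actual colliding inputs. The walks are run one after another here; in the real attack each walk would run on its own processor and report only its distinguished point to the central table. The instance is constructed: the "hash" is SHA-256 truncated to 32 bits (so the collision exists only in the truncation), the two message templates stand in for the message the attacker wants signed and the one the victim will sign, and the constants (DP_BITS, MAX_TRAIL, the seed) are arbitrary choices, not values from the paper.

```python
"""Parallel collision search with distinguished points, applied to a pair of
message templates.  Added example on a constructed toy instance (SHA-256
truncated to 32 bits); the search-space size, DP density and templates are
assumptions chosen so the search finishes in under a second in pure Python."""
import hashlib
import random
from typing import Iterator, Optional, Tuple

N_BITS = 32                       # constructed: size of the search space
MASK = (1 << N_BITS) - 1
DP_BITS = 6                       # a point is distinguished if its low 6 bits are 0
DP_MASK = (1 << DP_BITS) - 1
MAX_TRAIL = 20 * (1 << DP_BITS)   # abandon a trail that finds no DP in 20x the mean length

# Constructed stand-ins for "what we want signed" and "what the target will sign".
TEMPLATES = ("Pay Alice 100 USD. ref=", "Pay Alice 100000 USD. ref=")


def truncated_hash(m: bytes) -> int:
    """The toy hash: leading N_BITS of SHA-256 (stand-in for a full digest)."""
    return int.from_bytes(hashlib.sha256(m).digest()[:4], "big") & MASK


def message(x: int) -> bytes:
    """Map a point of the space to a slightly altered version of one template.
    The top bit picks the template; the other bits become an innocuous
    reference number, so every x corresponds to a plausible message."""
    side = x >> (N_BITS - 1)
    return f"{TEMPLATES[side]}{x & (MASK >> 1):08x}".encode()


def f(x: int) -> int:
    """Iteration function of the walk: hash the message for x, truncate."""
    return truncated_hash(message(x))


def is_distinguished(x: int) -> bool:
    return (x & DP_MASK) == 0


def walk(start: int) -> Optional[Tuple[int, int]]:
    """One processor's trail: iterate f from start until a distinguished point.
    Returns (dp, trail_length), or None if the trail cycled without finding one."""
    x = start
    for length in range(1, MAX_TRAIL + 1):
        x = f(x)
        if is_distinguished(x):
            return x, length
    return None


def locate(s1: int, l1: int, s2: int, l2: int) -> Optional[Tuple[int, int]]:
    """Two trails ended at the same DP.  Bring both to the same distance from it,
    then step them in lockstep until they merge.  Returns (a, b) with a != b and
    f(a) == f(b), or None when one start lay on the other's trail (no collision)."""
    a, b = s1, s2
    for _ in range(l1 - l2):      # empty range if l1 <= l2
        a = f(a)
    for _ in range(l2 - l1):
        b = f(b)
    if a == b:
        return None
    for _ in range(min(l1, l2)):
        fa, fb = f(a), f(b)
        if fa == fb:
            return a, b
        a, b = fa, fb
    return None                   # unreachable: both trails reach the same DP


def collisions(seed: int = 1) -> Iterator[Tuple[int, int]]:
    """Yield collisions as trails report their distinguished points to one
    shared table.  Only (dp, start, length) is stored per trail, which is what
    keeps the memory requirement feasible."""
    rng = random.Random(seed)
    table = {}                    # dp -> (start, length): the central memory
    while True:
        start = rng.getrandbits(N_BITS)
        res = walk(start)
        if res is None:
            continue
        dp, length = res
        if dp not in table:
            table[dp] = (start, length)
            continue
        other_start, other_len = table[dp]
        if other_start != start:
            col = locate(start, length, other_start, other_len)
            if col is not None:
                yield col


def find_cross_collision(seed: int = 1) -> Tuple[bytes, bytes]:
    """First collision whose two messages come from different templates;
    a collision within one template is useless to the attacker, so skip it."""
    for a, b in collisions(seed):
        if (a >> (N_BITS - 1)) != (b >> (N_BITS - 1)):
            return message(a), message(b)
    raise RuntimeError("collisions() is infinite; this line is not reached")


if __name__ == "__main__":
    m1, m2 = find_cross_collision()
    print(m1.decode(), "||", m2.decode())
    print(hex(truncated_hash(m1)), hex(truncated_hash(m2)))
```

About half of the collisions found land on the same template and are discarded, which is why the search is written as a generator over one growing table rather than restarting: every trail already reported keeps contributing to later collisions. The `a == b` check in `locate` is the case where a new start happens to lie on an existing trail; both walks then reach the DP without ever disagreeing, and no collision can be extracted from that pair.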