Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


k-way hash collisions
.

  • To: [EMAIL PROTECTED]
  • Subject: k-way hash collisions
  • From: kas kati <[EMAIL PROTECTED]>
  • Date: Wed, 8 Dec 2004 07:21:18 -0800 (PST)
  • Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=nsrTpHUDqzavNxfu+9rgwGY8BUcGJ8vvI57QnyolPA00S+afGfhJEJPudJYu/cPQefKxQdGjCCI7bOs9Rmwo2zv+lvzUVIFM8Vq4B0g1NQyLRbnYUGTlOUtRzkFflhKje0ojXCeObqd7eD++yOyuhscLi1Dq7MPeiddm4hemzGM= ;
  • Sender: [EMAIL PROTECTED]
.
 
For an ideal hash function, the complexity of finding a k-way
collision is
O(2^{(k-1)n/k}) therefore as k becomes larger, the complexity of a
k-way collision attack approaches the complexity of a pre-image
attack.

Recently, Joux showed a generic multi-collision attack for iterated
hash functions to reduce the k-way collision complexity to
O(log(k)*2^{(n/2)}). But in his attack the pre-images are not
independent. They are just combinations of block collisions of k
blocks. Here are my questions:

1. How can the formula for the complexity of finding a k-way collision
be derived?

2. Is there any hash design that allows to reduce the complexity of
k-way collision for "independent" pre-images while preserving the
complexity of the pre-image attack?

Thanks in advance for your interest.



		
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.