Sciweavers

EUROCRYPT
2004
Springer

Hash Function Balance and Its Impact on Birthday Attacks

14 years 5 months ago
Hash Function Balance and Its Impact on Birthday Attacks
Textbooks tell us that a birthday attack on a hash function h with range size r requires r1/2 trials (hash computations) to find a collision. But this is quite misleading, being true only if h is regular, meaning all points in the range have the same number of pre-images under h; if h is not regular, fewer trials may be required. But how much fewer? This paper addresses this question by introducing a measure of the “amount of regularity” of a hash function that we call its balance, and then providing estimates of the success-rate of the birthday attack, and the expected number of trials to find a collision, as a function of the balance of the hash function being attacked. In particular, we will see that the number of trials can be significantly less than r1/2 for hash functions of low balance. This leads us to examine popular design principles, such as the MD (Merkle-Damg˚ard) transform, from the point of view of balance preservation, and to mount experiments to determine the b...
Mihir Bellare, Tadayoshi Kohno
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where EUROCRYPT
Authors Mihir Bellare, Tadayoshi Kohno
Comments (0)