We present a generally applicable approach to determine at least almost exact probabilities of differential paths where we focus on (near-)collision paths for Merkle-Damgard-type hash functions. Our results show both that the number of bit conditions provides only a rough estimate for the true path probability and that the IV may have significant impact on the path probability. For MD5 we verified the effectivity of our approach experimentally. An abbreviated version [GIS4], which in particular omits proofs, technical details and several examples, will appear in the proceedings of the security conference 'Sicherheit 2008'.
Category / Keywords: hash function, collision path, probability Publication Info: pre-version: Second Cryptographic Hash Workshop, NIST 2006, http://www.csrc.nist.gov/pki/HashWorkshop/2006/Papers/; abbreviated version: to appear in the proceedings of "Sicherheit 2008" Date: received 15 Jan 2008, last revised 22 Jan 2008 Contact author: Werner Schindler at bsi bund de Available formats: PDF | BibTeX Citation Version: 20080122:210359 (All versions of this report) Discussion forum: Show discussion | Start new discussion