Paper 2008/022

Computing Almost Exact Probabilities of Differential Hash Collision Paths by Applying Appropriate Stochastic Methods

M. Gebhardt, G. Illies, and W. Schindler

Abstract

Generally speaking, the probability of a differential path determines an upper bound for the expected workload and thus for the true risk potential of a differential attack. In particular, if the expected workload seems to be in a borderline region between practical feasibility and non-feasibility it is desirable to know the path probability as exact as possible. We present a generally applicable approach to determine at least almost exact probabilities of differential paths where we focus on (near-)collision paths for Merkle-Damgard-type hash functions. Our results show both that the number of bit conditions provides only a rough estimate for the true path probability and that the IV may have significant impact on the path probability. For MD5 we verified the effectivity of our approach experimentally. An abbreviated version [GIS4], which in particular omits proofs, technical details and several examples, will appear in the proceedings of the security conference 'Sicherheit 2008'.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. pre-version: Second Cryptographic Hash Workshop, NIST 2006, http://www.csrc.nist.gov/pki/HashWorkshop/2006/Papers/; abbreviated version: to appear in the proceedings of "Sicherheit 2008"
Keywords
hash functioncollision pathprobability
Contact author(s)
Werner Schindler @ bsi bund de
History
2008-01-22: revised
2008-01-22: received
See all versions
Short URL
https://ia.cr/2008/022
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/022,
      author = {M.  Gebhardt and G.  Illies and W.  Schindler},
      title = {Computing Almost Exact Probabilities of Differential Hash Collision Paths by Applying Appropriate Stochastic Methods},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/022},
      year = {2008},
      url = {https://eprint.iacr.org/2008/022}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.