Paper 2009/456
An Automata-Theoretic Interpretation of Iterated Hash Functions - Application to Multicollisions
Kimmo Halunen, Juha Kortelainen, and Tuomas Kortelainen
Abstract
In this paper we present a new method of constructing multicollision sets for iterated hash functions. Multicollisions have been studied quite actively since Joux published an attack against iterated hash functions, which works in $O(k2^{\frac{n}{2}} )$ complexity for $2^k$ -multicollisions. Recently Kelsey \& Schneier and Aumasson have published even faster multicollision attacks, which are based on fixed points of the compression function and some assumptions on the attacker's capabilities. Our method has complexity $O(2^{\frac{n}{2}} )$ for arbitrarily large multicollision sets and does not have any additional assumptions on the compression function or attacker's capabilities. The drawback of our method is the extremely long messages generated by the algorithm in the worst case. Our method is based on automata theory and, given a compression function $f$, we construct a finite state transducer, which realizes the iterated hash function based on $f$. The method for generating multicollision sets is based on well known pumping properties of these automata.
Metadata
- Available format(s)
- -- withdrawn --
- Category
- Foundations
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- hash functionmulticollisionautomata theory
- Contact author(s)
- khalunen @ ee oulu fi
- History
- 2009-10-19: withdrawn
- 2009-09-20: received
- See all versions
- Short URL
- https://ia.cr/2009/456
- License
-
CC BY