Cryptology ePrint Archive: Report 2009/456

An Automata-Theoretic Interpretation of Iterated Hash Functions - Application to Multicollisions

Kimmo Halunen and Juha Kortelainen and Tuomas Kortelainen

Abstract: In this paper we present a new method of constructing multicollision sets for iterated hash functions. Multicollisions have been studied quite actively since Joux published an attack against iterated hash functions, which works in $O(k2^{\frac{n}{2}} )$ complexity for $2^k$ -multicollisions. Recently Kelsey \& Schneier and Aumasson have published even faster multicollision attacks, which are based on fixed points of the compression function and some assumptions on the attacker's capabilities. Our method has complexity $O(2^{\frac{n}{2}} )$ for arbitrarily large multicollision sets and does not have any additional assumptions on the compression function or attacker's capabilities. The drawback of our method is the extremely long messages generated by the algorithm in the worst case. Our method is based on automata theory and, given a compression function $f$, we construct a finite state transducer, which realizes the iterated hash function based on $f$. The method for generating multicollision sets is based on well known pumping properties of these automata.

Category / Keywords: foundations / hash function, multicollision, automata theory

Date: received 16 Sep 2009, withdrawn 19 Oct 2009

Contact author: khalunen at ee oulu fi

Available formats: (-- withdrawn --)

Version: 20091019:061423 (All versions of this report)

Discussion forum: Show discussion | Start new discussion