Paper 2009/456

An Automata-Theoretic Interpretation of Iterated Hash Functions - Application to Multicollisions

Kimmo Halunen, Juha Kortelainen, and Tuomas Kortelainen

Abstract

In this paper we present a new method of constructing multicollision sets for iterated hash functions. Multicollisions have been studied quite actively since Joux published an attack against iterated hash functions, which works in $O(k2^{\frac{n}{2}} )$ complexity for $2^k$ -multicollisions. Recently Kelsey \& Schneier and Aumasson have published even faster multicollision attacks, which are based on fixed points of the compression function and some assumptions on the attacker's capabilities. Our method has complexity $O(2^{\frac{n}{2}} )$ for arbitrarily large multicollision sets and does not have any additional assumptions on the compression function or attacker's capabilities. The drawback of our method is the extremely long messages generated by the algorithm in the worst case. Our method is based on automata theory and, given a compression function $f$, we construct a finite state transducer, which realizes the iterated hash function based on $f$. The method for generating multicollision sets is based on well known pumping properties of these automata.

Metadata
Available format(s)
-- withdrawn --
Category
Foundations
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functionmulticollisionautomata theory
Contact author(s)
khalunen @ ee oulu fi
History
2009-10-19: withdrawn
2009-09-20: received
See all versions
Short URL
https://ia.cr/2009/456
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.