Paper 2016/560

Memory-Efficient Algorithms for Finding Needles in Haystacks

Itai Dinur, Orr Dunkelman, Nathan Keller, and Adi Shamir

Abstract

One of the most common tasks in cryptography and cryptanalysis is to find some interesting event (a needle) in an exponentially large collection (haystack) of $N=2^n$ possible events, or to demonstrate that no such event is likely to exist. In particular, we are interested in finding needles which are defined as events that happen with an unusually high probability of $p \gg 1/N$ in a haystack which is an almost uniform distribution on $N$ possible events. When the search algorithm can only sample values from this distribution, the best known time/memory tradeoff for finding such an event requires $O(1/Mp^2)$ time given $O(M)$ memory. In this paper we develop much faster needle searching algorithms in the common cryptographic setting in which the distribution is defined by applying some deterministic function $f$ to random inputs. Such a distribution can be modelled by a random directed graph with $N$ vertices in which almost all the vertices have $O(1)$ predecessors while the vertex we are looking for has an unusually large number of $O(pN)$ predecessors. When we are given only a constant amount of memory, we propose a new search methodology which we call \textbf{NestedRho}. As $p$ increases, such random graphs undergo several subtle phase transitions, and thus the log-log dependence of the time complexity $T$ on $p$ becomes a piecewise linear curve which bends four times. Our new algorithm is faster than the $O(1/p^2)$ time complexity of the best previous algorithm in the full range of $1/N<p<1$, and in particular it improves the previous time complexity by a significant factor of $\sqrt{N}$ for any $p$ in the range $N^{-0.75}<p< N^{-0.5}$. When we are given more memory, we show how to combine the \textbf{NestedRho} technique with the parallel collision search technique in order to further reduce its time complexity. Finally, we show how to apply our new search technique to more complicated distributions with multiple peaks when we want to find all the peaks whose probabilities are higher than $p$.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in CRYPTO 2016
Keywords
CryptanalysisNeedles in HaystacksMode DetectionRho Algo- rithmsParallel Collision Search
Contact author(s)
orrd @ cs haifa ac il
dinuri @ cs bgu ac il
nkeller @ math biu ac il
adi shamir @ weizmann ac il
History
2016-06-03: received
Short URL
https://ia.cr/2016/560
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2016/560,
      author = {Itai Dinur and Orr Dunkelman and Nathan Keller and Adi Shamir},
      title = {Memory-Efficient Algorithms for Finding Needles in Haystacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/560},
      year = {2016},
      url = {https://eprint.iacr.org/2016/560}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.