Abstract
In this paper, we study the existence of multicollisions in iterated hash functions. We show that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, i.e. pairs of messages, even for extremely large values of r. More precisely, the ratio of the complexities of the attacks is approximately equal to the logarithm of r. Then, using large multicollisions as a tool, we solve a long standing open problem and prove that concatenating the results of several iterated hash functions in order to build a larger one does not yield a secure construction. We also discuss the potential impact of our attack on several published schemes. Quite surprisingly, for subtle reasons, the schemes we study happen to be immune to our attack. © International Association for Cryptologic Research 2004.
Cite
CITATION STYLE
Joux, A. (2004). Multicollisions in iterated hash functions. application to cascaded constructions. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3152, 306–316. https://doi.org/10.1007/978-3-540-28628-8_19
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
