Joux's multicollision attack is one of the most striking results on hash functions and also one of the simplest: it computes a k-collision on iterated hashes in time , whereas k!1/k •2 n(k - 1)/k was thought to be optimal. Kelsey and Schneier improved this to 3•2 n/2 if storage 2 n/2 is available and if the compression functions admits easily found fixed-points. This paper presents a simple technique that reduces this cost to 2 n/2 and negligible memory, when the IV can be chosen by the attacker. Additional benefits are shorter messages than the Kelsey/Schneier attack and cost-optimality. © 2008 Springer Berlin Heidelberg.
CITATION STYLE
Aumasson, J. P. (2008). Faster multicollisions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5365 LNCS, pp. 67–77). https://doi.org/10.1007/978-3-540-89754-5_6
Mendeley helps you to discover research relevant for your work.