Using Random Error Correcting Codes in Near-Collision Attacks on Generic Hash-Functions

In this paper we consider the problem of finding near-collisions with Hamming distance bounded by \(r\) in generic \(n\)-bit hash functions. In 2011, Lamberger and Rijmen proposed a modified version of Pollard's rho method, and in 2012 Leurent improved this memoryless algorithm by using any available memory to store chain endpoints. Both algorithms use a perfect error-correcting code to turn near-collisions into full collisions, but such codes are rare and have very small distance. In this paper we propose using randomly chosen linear codes, whose decoding can be made efficient by using some of the available memory to store error-correction tables. Compared to Leurent's algorithm, we experimentally verified an improvement ratio of about \(3\) in a small example with \(n=160\) and \(r=33\), which we implemented on a single PC, and mathematically predicted a significant improvement ratio of about \(730\) in a larger example with \(n=1024\) and \(r=100\), using \(2^{40}\) memory.
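The mechanism the abstract describes, as an added toy-scale example written for this page (it is not the paper's code and does not reproduce its parameters): a random systematic \([n,k]\) binary linear code is built from a random parity-check matrix, a syndrome-decoding table of coset leaders is stored in memory, and the rho iteration runs on \(g = \mathrm{Dec} \circ h\). Because \(g\) takes only \(2^k\) distinct values (the codewords), a full collision in \(g\) is found after about \(2^{k/2}\) evaluations, and any two hash outputs that decode to the same codeword are within twice the covering radius of each other. Assumptions in this example: \(n=32\), \(k=20\), a truncated SHA-256 standing in for a generic hash, and Floyd's memoryless cycle finding rather than the endpoint-storing variant; memory is used only for the decoding table.

```python
"""Near-collision search: Pollard rho on Dec(h(x)) with a syndrome-decoding table.

Added example, not code from the paper. Sizes and the toy hash are assumptions.
"""
import hashlib
import itertools
import random

N = 32        # hash length in bits (assumed toy size)
K = 20        # code dimension: 2**K codewords, so rho needs about 2**(K/2) steps
M = N - K     # parity-check rows = syndrome bits; the table has 2**M entries


def toy_hash(x: int) -> int:
    """Constructed n-bit hash: SHA-256 of the 4-byte input, truncated to N bits."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << N) - 1)


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def random_parity_check(rng: random.Random) -> list:
    """Random [N, K] code in systematic form H = [A | I_M], one N-bit mask per row.

    The identity block makes H full rank, so every one of the 2**M syndromes
    occurs and the decoding table below is guaranteed to fill up."""
    return [(rng.getrandbits(K) << M) | (1 << (M - 1 - i)) for i in range(M)]


def syndrome(rows: list, y: int) -> int:
    """H * y^T over GF(2): bit i is the parity of row_i AND y."""
    s = 0
    for row in rows:
        s = (s << 1) | (bin(row & y).count("1") & 1)
    return s


def build_decoding_table(rows: list):
    """Map every syndrome to a minimum-weight error vector (coset leader).

    Error vectors are enumerated by increasing weight, so the first vector that
    hits a syndrome is a coset leader. The largest weight at which a new entry
    was added is the covering radius of the code."""
    table, radius = {}, 0
    for w in range(N + 1):
        for positions in itertools.combinations(range(N), w):
            e = sum(1 << p for p in positions)
            s = syndrome(rows, e)
            if s not in table:
                table[s] = e
                radius = w
        if len(table) == 1 << M:
            break
    return table, radius


def build_code(seed: int):
    """Return (rows, table, radius, decode) for a random code chosen from seed."""
    rows = random_parity_check(random.Random(seed))
    table, radius = build_decoding_table(rows)

    def decode(y: int) -> int:
        # y XOR coset leader of its syndrome is the nearest codeword (ties by table)
        return y ^ table[syndrome(rows, y)]

    return rows, table, radius, decode


def rho_collision(g, start: int):
    """Floyd cycle finding on g. Returns (x, y, evaluations) with x != y and
    g(x) == g(y), or None if start already lies on the cycle (then retry)."""
    tortoise, hare, evals = g(start), g(g(start)), 3
    while tortoise != hare:
        tortoise, hare, evals = g(tortoise), g(g(hare)), evals + 3
    # Advance from the start and from the meeting point in lock step: they first
    # agree at the cycle entry, and their predecessors are the colliding pair.
    x, y = start, hare
    while g(x) != g(y):
        x, y, evals = g(x), g(y), evals + 2
    evals += 2
    return None if x == y else (x, y, evals)


def find_near_collision(seed: int = 1) -> dict:
    """Run the search; the returned distance is guaranteed to be <= 2 * radius."""
    rows, table, radius, decode = build_code(seed)
    rng = random.Random(seed + 1)
    g = lambda x: decode(toy_hash(x))  # Dec o h, restricted to 2**K codewords
    result = None
    while result is None:
        result = rho_collision(g, rng.getrandbits(N))
    x, y, evals = result
    return {"x": x, "y": y, "distance": hamming(toy_hash(x), toy_hash(y)),
            "radius": radius, "bound": 2 * radius, "evaluations": evals,
            "table_entries": len(table)}


if __name__ == "__main__":
    print(find_near_collision())
```

With these sizes the rho phase needs on the order of a few thousand hash-plus-decode evaluations instead of the roughly \(2^{16}\) that a full collision on 32 bits would cost, at the price of a \(2^{12}\)-entry table; the trade-off the paper studies is how to choose \(k\) and the table size so that the covering radius, and therefore the achieved near-collision distance \(2R\), stays within the target \(r\) while the table still fits in the available memory.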

[1] Andrew Chi-Chih Yao, et al. The Complexity of Finding Cycles in Periodic Functions, 1982, SIAM J. Comput.

[2] Gaëtan Leurent. Time-Memory Trade-Offs for Near-Collisions, 2012, FSE.

[3] A. Juels, et al. Proofs of Work and Bread Pudding Protocols (Extended Abstract), 1999.

[4] Florian Mendel, et al. On Free-Start Collisions and Collisions for TIB3, 2009, ISC.

[5] Vincent Rijmen, et al. Optimal Covering Codes for Finding Near-Collisions, 2010, Selected Areas in Cryptography.

[6] Gabriel Nivasch, et al. Cycle Detection Using a Stack, 2004, Inf. Process. Lett.

[7] Victor S. Miller, et al. Optimal Hash Functions for Approximate Matches on the $n$-Cube, 2010, IEEE Transactions on Information Theory.

[8] Vincent Rijmen, et al. Exploiting Coding Theory for Collision Attacks on SHA-1, 2005, IMACC.

[9] Gideon Yuval, et al. How to Swindle Rabin, 1979, Cryptologia.

[10] F. MacWilliams, et al. The Theory of Error-Correcting Codes, 1977.

[11] Marc Stevens, et al. Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate, 2009, CRYPTO.

[12] Mario Lamberger, et al. Memoryless Near-Collisions, Revisited, 2012, Inf. Process. Lett.

[13] Xiaoyun Wang, et al. How to Break MD5 and Other Hash Functions, 2005, EUROCRYPT.

[14] Richard P. Brent, et al. An Improved Monte Carlo Factorization Algorithm, 1980.

[15] Eli Biham, et al. Near-Collisions of SHA-0, 2004, CRYPTO.

[16] Paul C. van Oorschot, et al. Parallel Collision Search with Cryptanalytic Applications, 2013, Journal of Cryptology.

[17] Victor S. Miller, et al. Optimal Hash Functions for Approximate Closest Pairs on the n-Cube, 2008, arXiv.

[18] Vincent Rijmen, et al. Memoryless Near-Collisions via Coding Theory, 2011, Des. Codes Cryptogr.

[19] Jean-Jacques Quisquater, et al. How Easy Is Collision Search. New Results and Applications to DES, 1989, CRYPTO.

[20] Markus Jakobsson, et al. Proofs of Work and Bread Pudding Protocols, 1999, Communications and Multimedia Security.

[21] Antoine Joux, et al. Differential Collisions in SHA-0, 1998, CRYPTO.