Bounds on Birthday Attack Times
暂无分享,去创建一个
We analyze a generic birthday attack where distinct inputs to some function f are selected until two of the inputs map through f to the same output, meaning that the attack has succeeded. We give tight bounds on the probability of attack success after a given number of inputs are selected as well as tight bounds on the expected number of inputs that must be selected for the attack to succeed. The types of functions considered include random functions with uniformly random outputs, random functions whose outputs have some arbitrary (biased) probability distribution, concrete functions that are balanced (all outputs have the same number of pre-images), and arbitrary concrete functions. In each case the bounds are given in terms of the probability (1/β) that a pair of inputs give the same output, which is different for each type of function. The expected number of steps required to complete a birthday attack in all cases is between 0.7 √ β and 2 √ β. In some cases tighter bounds than this are given. Compared to previous work in this area, the analysis here gives tighter bounds and is more applicable to the most efficient practical methods used to carry out birthday attacks, such as a generalization of Pollard’s rho-method and parallel collision search. However, significant challenges remain in proving bounds for these methods.
[1] Mihir Bellare,et al. Hash Function Balance and Its Impact on Birthday Attacks , 2004, EUROCRYPT.
[2] Edlyn Teske,et al. Speeding Up Pollard's Rho Method for Computing Discrete Logarithms , 1998, ANTS.
[3] Douglas R. Stinson,et al. Cryptography: Theory and Practice , 1995 .
[4] Douglas R. Stinson,et al. Cryptography: Theory and Practice,Second Edition , 2002 .
[5] J. Pollard,et al. Monte Carlo methods for index computation () , 1978 .