论文信息 - FFT-Hash-II is not yet Collision-free

FFT-Hash-II is not yet Collision-free

In this paper, we show that the FFT-Hash function proposed by Schnorr [2] is not collision free. Finding a collision requires about 224 computation of the basic function of FFT. This can be done in few hours on a SUN4-workstation. In fact, it is at most as strong as a one-way hash function which returns a 48 bits length value. Thus, we can invert the proposed FFT hash-function with 248 basic computations. Some simple improvements of the FFT hash function are also proposed to try to get rid of the weaknesses of FFT.

Serge Vaudenay | S. Vaudenay

[1] Marc Girault,et al. FFT Hashing is not Collision-free , 1992, EUROCRYPT.

[2] Claus-Peter Schnorr,et al. FFT-Hash II, Efficient Cryptographic Hashing , 1992, EUROCRYPT.