IACR News item: 10 August 2011
PhD Database
Rafi Chen
New Techniques for Cryptanalysis of Cryptographic Hash Functions
foundations
A cryptographic hash function H takes a message M of an arbitrary length and produces an easy-to-compute message digest H(M) which has fixed, relatively short size. H(M) has to be collision free, i.e., it should be difficult to find any two messages that have the same message digest. Two other important properties are: Preimage resistance, i.e., given a message digest s it should be difficult to find M such that H(M)=s, and second-preimage resistance, i.e., given M1 it should be difficult to find M2 such that H(M1)=H(M2).\r\n
\r\nA widely known technique to attack the collision freeness property is differential cryptanalysis. In this technique a difference between two messages is chosen and the evolution of differences from the plaintext through the intermediate data into the ciphertext is predicted. The differences and the probabilities of the predictions are called a characteristic. An attacker that uses the technique aims at finding a characteristic with high probability, and at constructing an efficient algorithm that selects messages that follow the differences of the characteristic. Our contributions are at both aims.\r\n
\r\nThe multi-block technique is based on our ob[...]
New Techniques for Cryptanalysis of Cryptographic Hash Functions
foundations
A cryptographic hash function H takes a message M of an arbitrary length and produces an easy-to-compute message digest H(M) which has fixed, relatively short size. H(M) has to be collision free, i.e., it should be difficult to find any two messages that have the same message digest. Two other important properties are: Preimage resistance, i.e., given a message digest s it should be difficult to find M such that H(M)=s, and second-preimage resistance, i.e., given M1 it should be difficult to find M2 such that H(M1)=H(M2).\r\n
\r\nA widely known technique to attack the collision freeness property is differential cryptanalysis. In this technique a difference between two messages is chosen and the evolution of differences from the plaintext through the intermediate data into the ciphertext is predicted. The differences and the probabilities of the predictions are called a characteristic. An attacker that uses the technique aims at finding a characteristic with high probability, and at constructing an efficient algorithm that selects messages that follow the differences of the characteristic. Our contributions are at both aims.\r\n
\r\nThe multi-block technique is based on our ob[...]
Additional news items may be found on the IACR news page.