• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>Progress in cryptology - VIETCRYPT 2006 >How to Construct Sufficient Conditions for Hash Functions
【24h】

How to Construct Sufficient Conditions for Hash Functions

机译:如何为哈希函数构造充分条件

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Wang et al. have proposed collision attacks for various hash functions. Their approach is to first construct a differential path, and then determine the conditions (sufficient conditions) that maintain the differential path. If a message that satisfies all sufficient conditions is found, a collision can be generated. Therefore, in order to apply the attack of Wang et al., we need techniques for constructing differential paths and for determining sufficient conditions.rnIn this paper, we propose the "SC algorithm", an algorithm that can automatically determine the sufficient conditions. The input of the SC algorithm is a differential path, that is, all message differentials and differentials of the chaining variables. The SC algorithm then outputs the sufficient conditions. The computation time of the SC algorithm is within few seconds. In applying the method of Wang et al. to MD5, there are 3 types of sufficient conditions: conditions for controlling the carry length when differentials appear in the chaining variables, conditions for controlling the output differentials of the Boolean function when the input variables of the function have differentials and conditions for controlling the relationship between the carry effect and left rotation operation. Sufficient conditions for SHA-1, SHA-0 and MD4 consist of only Type 1 and Type 2. Type 3 is unique to MD5. The SC algorithm can construct Type 1 and Type 2 conditions; we use the method of Liang et al. to construct Type 3 conditions.rnThe complexity of the collision attack depends on the number of sufficient conditions needed. The SC algorithm constructs the fewest possible sufficient conditions. To check the feasibility of the SC algorithm, we apply it to the differential path of MD5 given by Wang et al. It is shown to yield 12 fewer conditions than the latest work on MD5. The SC algorithm is applicable to the MD-family and the SHA-family. This paper focuses on the sufficient conditions of MD5, but only as an example.
机译:Wang等。提出了针对各种哈希函数的碰撞攻击。他们的方法是首先构造一条差异路径,然后确定维持差异路径的条件(充分条件)。如果找到满足所有充分条件的消息,则会生成冲突。因此,为了施加Wang等人的攻击,我们需要构造差分路径和确定充分条件的技术。在本文中,我们提出了一种“ SC算法”,该算法可以自动确定充分条件。 SC算法的输入是一条差分路径,即所有消息差分和链接变量的差分。然后,SC算法将输出足够的条件。 SC算法的计算时间在几秒钟之内。在应用王等人的方法。根据MD5,有3种充分的条件类型:当链变量中出现差异时用于控制进位长度的条件,当函数的输入变量具有差异时用于控制布尔函数的输出差异的条件以及用于控制关系的条件在进位效果和左旋转操作之间。 SHA-1,SHA-0和MD4的充分条件仅由类型1和类型2组成。类型3是MD5唯一的。 SC算法可以构造类型1和类型2的条件。我们使用梁等人的方法。构造第3类条件。碰撞攻击的复杂性取决于所需的足够条件的数量。 SC算法可构造最少的充分条件。为了检验SC算法的可行性,我们将其应用于Wang等人给出的MD5的差分路径。与最新的MD5研究相比,它产生的条件要少12个。 SC算法适用于MD系列和SHA系列。本文重点介绍MD5的充分条件,但仅作为示例。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号