Time-Space Tradeoffs for Finding Multi-Collisions in Merkle-Damgård Hash Functions

Author Akshima




File

LIPIcs.ITC.2024.9.pdf
  • Filesize: 0.74 MB
  • 22 pages


Author Details

Akshima
  • NYU Shanghai, China

Acknowledgements

We thank the anonymous reviewers for their constructive comments on earlier drafts of the work. We thank David Cash and Siyao Guo for useful discussions.

Cite As

Akshima. Time-Space Tradeoffs for Finding Multi-Collisions in Merkle-Damgård Hash Functions. In 5th Conference on Information-Theoretic Cryptography (ITC 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 304, pp. 9:1-9:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.ITC.2024.9

Abstract

We analyze the multi-collision resistance of the Merkle-Damgård hash function construction in the auxiliary-input random oracle model. Finding multi-collisions, or m-way collisions for some parameter m, in a hash function means finding m distinct inputs that have the same output under the hash function. This is a natural generalization of the collision-finding problem in hash functions, which is the special case of finding 2-way collisions. Hardness of finding collisions, or collision resistance, is an important security assumption in cryptography. While the time-space trade-offs for collision resistance of hash functions have received considerable attention, this is the first work that studies time-space trade-offs for the multi-collision resistance property of hash functions based on the popular and widely used Merkle-Damgård (MD) construction. In this work, we study how the advantage of finding m-way collisions depends on the parameter m. We believe that understanding whether multi-collision resistance is a strictly easier property than collision resistance is a fundamental problem, and our work takes a step towards answering it for adversaries with auxiliary information against MD-based hash functions. Furthermore, we study how the advantage varies with the bound on the length of the m colliding inputs. Prior works [Akshima et al., 2020; Ashrujit Ghoshal and Ilan Komargodski, 2022; Akshima et al., 2022] have shown that finding "longer" collisions with auxiliary input in MD-based hash functions becomes easier. More precisely, the advantage of finding collisions depends linearly on the bound on the length of the colliding inputs. In this work, we show a similar dependence for m-way collision finding, for any m ≥ 2. We show a simple attack for finding 1-block m-way collisions which achieves an advantage of Ω̃(S/mN). For 2 ≤ B < log m, we give the best known attack for finding B-block m-way collisions, which achieves an advantage of Ω̃(ST/m^{1/(B-1)}N) when m^{1/(B-1)}-way collisions exist on every salt. For B > log m, our attack achieves an advantage of Ω̃(STB/N), which is optimal when SB ≥ T and ST² ≤ N. The main result of this work is showing that our attacks are optimal for B = 1 and B = 2. This implies that in the auxiliary-input random oracle model, the advantage of finding 1-block and 2-block m-way collisions in Merkle-Damgård based hash functions decreases by a multiplicative factor of m compared to collision finding.
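The 1-block attack sketched in the abstract, as an added illustration that is not part of the paper: a toy salted Merkle-Damgård hash whose compression function is SHA-256 truncated to 12 bits (standing in for the random oracle, so N = 4096), an offline phase that spends S block-sized words of advice to store an m-way 1-block collision for S/m salts, and an online phase that wins exactly when the challenge salt was precomputed, so its advantage is (S/m)/N, the Ω̃(S/mN) of the abstract (S, T, N and B are the abstract's advice size, online query count, range size and block bound). The `joux_multicollision` function adds the classic chaining of B two-way collisions from Joux [25], which yields a 2^B-way B-block collision and is the standard intuition for why the B ≥ log m regime behaves like ordinary collision finding. Parameters and function names are this example's own; the paper's B-block attacks for 2 ≤ B < log m are not reproduced here.

```python
import hashlib
import itertools
import random
from collections import defaultdict
from typing import Dict, List, Optional

# Toy parameters, chosen so every search runs in milliseconds (constructed for this example;
# a real MD hash such as SHA-256 has N = 2**256 and 512-bit blocks).
N_BITS = 12                 # digest / chaining-value width, so N = 2**N_BITS
N = 1 << N_BITS
BLOCK_BITS = 16             # every message block is a BLOCK_BITS-bit integer
NUM_BLOCKS = 1 << BLOCK_BITS


def compress(chaining: int, block: int) -> int:
    """Toy compression function h(a, m): SHA-256 truncated to N_BITS bits, standing in for a random oracle."""
    data = chaining.to_bytes(4, "big") + block.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") & (N - 1)


def md_hash(salt: int, blocks: List[int]) -> int:
    """Salted Merkle-Damgard: the salt is the IV and each block is absorbed with compress()."""
    state = salt
    for b in blocks:
        state = compress(state, b)
    return state


def one_block_multicollision(salt: int, m: int) -> Optional[List[int]]:
    """Return m distinct single-block messages with equal digest under `salt`, or None.

    Blocks are tried in order. Since NUM_BLOCKS > (m - 1) * N for every m <= 16, the pigeonhole
    principle guarantees success for those m; the birthday bound makes it far faster in practice.
    """
    buckets: Dict[int, List[int]] = defaultdict(list)
    for block in range(NUM_BLOCKS):
        digest = compress(salt, block)
        buckets[digest].append(block)
        if len(buckets[digest]) == m:
            return buckets[digest]
    return None


def preprocess(S: int, m: int, seed: int) -> Dict[int, List[int]]:
    """Offline phase of the 1-block attack: S block-sized words of advice hold an m-way
    collision for S // m salts, because each stored collision costs m blocks."""
    rng = random.Random(seed)
    advice: Dict[int, List[int]] = {}
    for salt in rng.sample(range(N), S // m):
        coll = one_block_multicollision(salt, m)
        if coll is not None:
            advice[salt] = coll
    return advice


def online(advice: Dict[int, List[int]], salt: int) -> Optional[List[int]]:
    """Online phase with T = 0 queries: win exactly when the challenge salt was precomputed."""
    return advice.get(salt)


def exact_advantage(advice: Dict[int, List[int]]) -> float:
    """Success probability over a uniform challenge salt: |advice| / N, i.e. (S/m)/N."""
    return len(advice) / N


def joux_multicollision(salt: int, B: int) -> List[List[int]]:
    """Joux's construction: B chained 2-way collisions give 2**B distinct B-block messages
    sharing one digest, so an m-way collision with B >= log2(m) blocks costs B ordinary collisions."""
    state = salt
    choices = []
    for _ in range(B):
        pair = one_block_multicollision(state, 2)
        choices.append(pair)
        state = compress(state, pair[0])      # both blocks of the pair lead to this same state
    return [list(path) for path in itertools.product(*choices)]


def is_multicollision(salt: int, messages: List[List[int]]) -> bool:
    """Check that the messages are pairwise distinct and all hash to one digest under `salt`."""
    distinct = len({tuple(msg) for msg in messages}) == len(messages)
    return distinct and len({md_hash(salt, msg) for msg in messages}) == 1


if __name__ == "__main__":
    S, m = 60, 3
    advice = preprocess(S, m, seed=1)
    print(f"advice covers {len(advice)} salts -> advantage {exact_advantage(advice):.5f} "
          f"(S/(mN) = {S / (m * N):.5f})")
    salt = next(iter(advice))
    print("stored 1-block 3-way collision verifies:", is_multicollision(salt, [[b] for b in advice[salt]]))
    msgs = joux_multicollision(salt=7, B=3)
    print("Joux 3-block 8-way collision verifies:", is_multicollision(7, msgs))
```

The toy keeps T at zero: the whole S/(mN) term comes from the table, which is why it does not grow with online queries, while the Joux routine shows the other extreme, where B blocks of online work buy a 2^B-way collision with no advice at all.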

Subject Classification

ACM Subject Classification
  • Security and privacy → Cryptography
  • Security and privacy → Information-theoretic techniques
  • Mathematics of computing → Probability and statistics
Keywords
  • Collision
  • hash functions
  • multi-collisions
  • Merkle-Damgård
  • pre-computation
  • auxiliary input


References

  1. Akshima, David Cash, Andrew Drucker, and Hoeteck Wee. Time-Space Tradeoffs and Short Collisions in Merkle-Damgård Hash Functions. In Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part I, volume 12170 of Lecture Notes in Computer Science, pages 157-186. Springer, 2020.
  2. Akshima, Xiaoqi Duan, Siyao Guo, and Qipeng Liu. On Time-Space Lower Bounds for Finding Short Collisions in Sponge Hash Functions. In Theory of Cryptography - 21st International Conference, TCC 2023, Taipei, Taiwan, November 29 - December 2, 2023, Proceedings, Part III, volume 14371 of Lecture Notes in Computer Science, pages 237-270. Springer, 2023. URL: https://doi.org/10.1007/978-3-031-48621-0_9.
  3. Akshima, Siyao Guo, and Qipeng Liu. Time-Space Lower Bounds for Finding Collisions in Merkle-Damgård Hash Functions. In Advances in Cryptology - CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15-18, 2022, Proceedings, Part III, volume 13509 of Lecture Notes in Computer Science, pages 192-221. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-15982-4_7.
  4. Mohammad A. AlAhmad, Imad Fakhri Alshaikhli, and Mridul Nandi. Joux Multicollisions Attack in Sponge Construction. In Proceedings of the 6th International Conference on Security of Information and Networks, pages 292-296, 2013.
  5. Itay Berman, Akshay Degwekar, Ron D. Rothblum, and Prashant Nalini Vasudevan. Multi-Collision Resistant Hash Functions and their Applications. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 133-161. Springer, 2018.
  6. Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. Sponge Functions. In ECRYPT Hash Workshop, volume 2007, 2007.
  7. Nir Bitansky, Yael Tauman Kalai, and Omer Paneth. Multi-Collision Resistance: a Paradigm for Keyless Hash Functions. In Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing, pages 671-684, 2018.
  8. Ernest Brickell, David Pointcheval, Serge Vaudenay, and Moti Yung. Design Validations for Discrete Logarithm Based Signature Schemes. In International Workshop on Public Key Cryptography, pages 276-292. Springer, 2000.
  9. Dror Chawin, Iftach Haitner, and Noam Mazor. Lower Bounds on the Time/Memory Tradeoff of Function Inversion. In Theory of Cryptography - 18th International Conference, TCC 2020, Durham, NC, USA, November 16-19, 2020, Proceedings, Part III, pages 305-334, 2020.
  10. Kai-Min Chung, Siyao Guo, Qipeng Liu, and Luowen Qian. Tight Quantum Time-Space Tradeoffs for Function Inversion. In 2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS), pages 673-684. IEEE, 2020.
  11. Sandro Coretti, Yevgeniy Dodis, and Siyao Guo. Non-Uniform Bounds in the Random-Permutation, Ideal-Cipher, and Generic-Group Models. In Annual International Cryptology Conference, pages 693-721. Springer, 2018.
  12. Sandro Coretti, Yevgeniy Dodis, Siyao Guo, and John Steinberger. Random Oracles and Non-Uniformity. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 227-258. Springer, 2018.
  13. Henry Corrigan-Gibbs and Dmitry Kogan. The Discrete-Logarithm Problem with Preprocessing. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 415-447. Springer, 2018.
  14. Henry Corrigan-Gibbs and Dmitry Kogan. The Function-Inversion Problem: Barriers and Opportunities. In TCC, 2019. Also Cryptology ePrint Archive, Report 2019/1046.
  15. Anindya De, Luca Trevisan, and Madhur Tulsiani. Time Space Tradeoffs for Attacks against One-Way Functions and PRGs. In Annual Cryptology Conference, pages 649-665. Springer, 2010.
  16. Yevgeniy Dodis, Siyao Guo, and Jonathan Katz. Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 473-495. Springer, 2017.
  17. Cody Freitag, Ashrujit Ghoshal, and Ilan Komargodski. Time-Space Tradeoffs for Sponge Hashing: Attacks and Limitations for Short Collisions. In Advances in Cryptology - CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15-18, 2022, Proceedings, Part III, volume 13509 of Lecture Notes in Computer Science, pages 131-160. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-15982-4_5.
  18. Cody Freitag, Ashrujit Ghoshal, and Ilan Komargodski. Optimal Security for Keyed Hash Functions: Avoiding Time-Space Tradeoffs for Finding Collisions. In Carmit Hazay and Martijn Stam, editors, Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23-27, 2023, Proceedings, Part IV, volume 14007 of Lecture Notes in Computer Science, pages 440-469. Springer, 2023. URL: https://doi.org/10.1007/978-3-031-30634-1_15.
  19. Ashrujit Ghoshal and Ilan Komargodski. On Time-Space Tradeoffs for Bounded-Length Collisions in Merkle-Damgård Hashing. In Advances in Cryptology - CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15-18, 2022, Proceedings, Part III, volume 13509 of Lecture Notes in Computer Science, pages 161-191. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-15982-4_6.
  20. Marc Girault and Jacques Stern. On the Length of Cryptographic Hash-Values Used in Identification Schemes. In Annual International Cryptology Conference, pages 202-215. Springer, 1994.
  21. Alexander Golovnev, Siyao Guo, Spencer Peters, and Noah Stephens-Davidowitz. Revisiting Time-Space Tradeoffs for Function Inversion. In Helena Handschuh and Anna Lysyanskaya, editors, Advances in Cryptology - CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Santa Barbara, CA, USA, August 20-24, 2023, Proceedings, Part II, volume 14082 of Lecture Notes in Computer Science, pages 453-481. Springer, 2023. URL: https://doi.org/10.1007/978-3-031-38545-2_15.
  22. Nick Gravin, Siyao Guo, Tsz Chiu Kwok, and Pinyan Lu. Concentration Bounds for Almost k-wise Independence with Applications to Non-Uniform Security. In Proceedings of the 2021 ACM-SIAM Symposium on Discrete Algorithms (SODA), pages 2404-2423. SIAM, 2021.
  23. Martin Hellman. A Cryptanalytic Time-Memory Trade-off. IEEE Transactions on Information Theory, 26(4):401-406, July 1980.
  24. Russell Impagliazzo and Valentine Kabanets. Constructive Proofs of Concentration Bounds. In Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques, 13th International Workshop, APPROX 2010, and 14th International Workshop, RANDOM 2010, Barcelona, Spain, September 1-3, 2010. Proceedings, pages 617-631, 2010.
  25. Antoine Joux. Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In Annual International Cryptology Conference, pages 306-316. Springer, 2004.
  26. Ilan Komargodski, Moni Naor, and Eylon Yogev. Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 162-194. Springer, 2018.
  27. Qipeng Liu and Mark Zhandry. On Finding Quantum Multi-Collisions. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 189-218. Springer, 2019.
  28. Ronald L. Rivest and Adi Shamir. PayWord and MicroMint: Two Simple Micropayment Schemes. In International Workshop on Security Protocols, pages 69-87. Springer, 1996.
  29. Ron D. Rothblum and Prashant Nalini Vasudevan. Collision-Resistance from Multi-Collision-Resistance. In Advances in Cryptology - CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15-18, 2022, Proceedings, Part III, volume 13509 of Lecture Notes in Computer Science, pages 503-529. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-15982-4_17.
  30. Dominique Unruh. Random Oracles and Auxiliary Input. In Annual International Cryptology Conference, pages 205-223. Springer, 2007.