Questions tagged [collision-resistance]
Difficulty of finding two different inputs that hash to the same value
767 questions
1 vote, 0 answers, 74 views
Secure Hash Function [closed]
We need to show $H'(x) =H_1(H_2(x))$ need not be a secure CRHF even if one of $H_1$ or $H_2$ is secure. The case when $H_2$ is insecure is clear as the pair of messages $m,m'$ given as output for $H_2$...
2 votes, 1 answer, 168 views
Is omitting the first output in the squeezing phase of a sponge a security risk?
I recently saw a specification of a hash function, which is based on a sponge. The hash function produces a $128$ bit message digest $H(X)$.
Let's assume that $S$ is the final state of the absorbing ...
5 votes, 3 answers, 377 views
A definition for *unkeyed* collision-resistant hash functions?
This question asks if a certain definition of unkeyed collision-resistant hash functions makes sense (i.e., it can be employed in usual security proofs) or, if not, what are its flaws. Some context is ...
1 vote, 0 answers, 62 views
Why do MQ-based signature schemes sign an image, and not a preimage?
In multivariate signature schemes like UOV and its variants, the signer signs a message $t\in \mathbb{F}_p^m$ by demonstrating a preimage $s\in \mathbb{F}_p^n$ such that $\mathcal{P}(s)=t$, for a ...
-1 votes, 1 answer, 148 views
Found collision in fnv132 hash
I'm experimenting with hash functions in PHP using the built-in hash() function... and I've stumbled upon something interesting: I have found a collision in fnv132 ...
1 vote, 1 answer, 142 views
How to tell if a hash function is a good hash function? By analysis
Suppose $n = pq$, where $p$ and $q$ are large prime numbers, and $\varphi(n) = (p - 1)(q - 1)$, and let $g < n$. Is $h(x) = g^x \bmod n$ a good hash function? Why? What should I be looking for?
I ...
2 votes, 1 answer, 323 views
Is S2V collision resistant?
From draft-madden-generalised-siv:
SIV defines a particularly efficient encoding provided by the function
S2V (for "string to vector") that converts a single-string PRF to a
vector input ...
1 vote, 1 answer, 112 views
SipHash-1-3 128 bit variant
I came across a 128 bit variant of the SipHash-1-3 function (as opposed to the original 64 bit output). I tried looking for any public cryptanalysis of this function but couldn't find any.
Moreover, ...
8 votes, 2 answers, 2k views
Security of hash concatenation?
Let $H(x)$ be a hash function with an output length of $L$ bits and a collision resistance of $M$ bits. Suppose we construct a new hash function $H_{2}(x)$ by concatenating multiple evaluations of $H(...
1 vote, 0 answers, 66 views
"Good" hashing with fixed-size keys less than double the width of the hash (30-to-16)
Apologies in advance for my lack of terminology or proficiency, I'm a CS undergrad still.
I am designing a relatively simple homebrew, insecure hash for a hashmap for a codebase that will run on an ...
2 votes, 0 answers, 93 views
Key-less Security via Uniformity of Attackers
Is it known to be possible (or impossible) to provably build a key-less collision-resistant hash function (CRHF), provided that attackers are, say, Turing machines? Such a hash function would essentially ...
1 vote, 1 answer, 174 views
What is wrong with this hash function
I have been asked what is a problem with hash function:
$$h(S) = \left(\left(\sum S[i]*x^i\right)\bmod p\right)\bmod m$$
where $i=\{0,\ldots,s-1\}\,$; $S$ is some long string; $x$ is some positive ...
2 votes, 1 answer, 196 views
Are algorithms like Ascon-PRFshort collision resistant?
I'd like to double check my understanding of the collision resistance of a single unkeyed/public permutation call. I'll use two algorithms as examples, namely Ascon-PRFshort and HChaCha20.
Ascon-...
7 votes, 3 answers, 556 views
XOR sum versus additive sum for parallelizable hash
Suppose we have:
A function $F: \{0, 1\}^{\ell_c} \times \{0, 1\}^{\ell_x} \rightarrow \{0, 1\}^{\ell_y}$.
A function $G: \{0, 1\}^{\ell_y} \rightarrow \{0, 1\}^{n}$.
A sequence of data blocks $x_0, \...
0 votes, 0 answers, 36 views
Length block in Merkle Damgard Construction
Why is adding a length block to Merkle construction necessary? How does it affect the proof of the Merkle Damgard construction?