Annual International Cryptology Conference

CRYPTO 2004: Advances in Cryptology – CRYPTO 2004 pp 306-316

Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions

  • Antoine Joux
Conference paper

DOI: 10.1007/978-3-540-28628-8_19

Volume 3152 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Joux A. (2004) Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin M. (eds) Advances in Cryptology – CRYPTO 2004. CRYPTO 2004. Lecture Notes in Computer Science, vol 3152. Springer, Berlin, Heidelberg

Abstract

In this paper, we study the existence of multicollisions in iterated hash functions. We show that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, i.e. pairs of messages, even for extremely large values of r. More precisely, the ratio of the complexities of the attacks is approximately equal to the logarithm of r. Then, using large multicollisions as a tool, we solve a long standing open problem and prove that concatenating the results of several iterated hash functions in order to build a larger one does not yield a secure construction. We also discuss the potential impact of our attack on several published schemes. Quite surprisingly, for subtle reasons, the schemes we study happen to be immune to our attack.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Antoine Joux
    • 1
  1. 1.DCSSI Crypto LabParis 07 SPFrance