Using Random Error Correcting Codes in Near-Collision Attacks on Generic Hash-Functions

  • Inna Polak
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8885)


In this paper we consider the problem of finding near-collisions with Hamming distance bounded by \(r\) in generic \(n\)-bit hash functions. In 2011, Lamberger and Rijmen proposed a modified version of Pollard’s rho method, and in 2012 Leurent improved this memoryless algorithm by using any available memory to store chain endpoints. Both algorithms use a perfect error correcting code to change near-collisions into full-collisions, but such codes are rare and have very small distance. In this paper we propose using randomly chosen linear codes, whose decoding can be made efficient by using some of the available memory to store error-correction tables. Compared to Leurent’s algorithm, we experimentally verified an improvement ratio of about \(3\) in a small example with \(n=160\) and \(r=33\) which we implemented on a single PC, and mathematically predicted a significant improvement ratio of about \(730\) in a larger example with \(n=1024\) and \(r=100\), using \(2^{40}\) memory.


Keywords: Hash function, Near-collision, Random code, Time-memory trade-off, Generic attack
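The following is an added toy illustration of the mechanism the abstract describes, not code from the paper: a random linear code with a precomputed coset-leader (syndrome) table is kept in memory, decoding maps every hash output to its nearest codeword, so two outputs within the covering radius of a common codeword become a full collision of the composed function, which an ordinary Floyd cycle-finding search then locates. The 16-bit hash, the 8 random parity checks, and the SHA-256 truncation are constructed parameters chosen so it runs in seconds; the paper's examples use n=160 and n=1024.

```python
import hashlib
import random
N = 16   # toy hash length in bits (constructed; the paper's examples use n=160 and n=1024)
R = 8    # number of random parity checks, so the code has 2**(N-R) codewords

def toy_hash(x: int) -> int:
    """Constructed 'generic' N-bit hash: the first N bits of SHA-256(x)."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(4, "big")).digest()[:2], "big")

def syndrome(H, y: int) -> int:
    """Syndrome of y under parity-check rows H (each row is an N-bit mask)."""
    return sum((bin(h & y).count("1") & 1) << i for i, h in enumerate(H))

def random_code(seed: int = 1):
    """Random linear code from R random parity-check rows, plus its complete
    coset-leader table (syndrome -> minimum-weight error), built once and kept."""
    rng = random.Random(seed)
    H = [rng.getrandbits(N) for _ in range(R)]
    table = {}
    for e in sorted(range(1 << N), key=lambda v: bin(v).count("1")):
        table.setdefault(syndrome(H, e), e)      # first hit has minimum weight
    rho = max(bin(e).count("1") for e in table.values())   # covering radius
    return H, table, rho

def decode(H, table, y: int) -> int:
    """Nearest-codeword decoding by a single table lookup."""
    return y ^ table[syndrome(H, y)]

def floyd_collision(f, x0: int):
    """Floyd cycle finding: (a, b) with a != b and f(a) == f(b); None if x0 is on the cycle."""
    tort, hare = f(x0), f(f(x0))
    while tort != hare:
        tort, hare = f(tort), f(f(hare))
    tort, prev = x0, None
    while tort != hare:
        prev = (tort, hare)
        tort, hare = f(tort), f(hare)
    return prev

def near_collision(seed: int = 1):
    """Collision search on decode(hash(x)) gives a, b whose hashes are within 2*rho."""
    H, table, rho = random_code(seed)
    g = lambda x: decode(H, table, toy_hash(x))
    rng = random.Random(seed + 1)
    while True:
        pair = floyd_collision(g, rng.getrandbits(N))
        if pair:
            a, b = pair
            return a, b, bin(toy_hash(a) ^ toy_hash(b)).count("1"), rho
```

The distance bound 2*rho follows from the triangle inequality through the shared codeword; a perfect code would give the tighter bound 2*t with t the packing radius, which is what the abstract's rarity remark refers to.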


References

  1. Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)
  2. Brent, R.P.: An improved Monte Carlo factorization algorithm. BIT Numerical Mathematics 20(2), 176–184 (1980)
  3. Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)
  4. Gordon, D.M., Miller, V.S., Ostapenko, P.: Optimal hash functions for approximate matches on the n-cube. IEEE Transactions on Information Theory 56(3), 984–991 (2010)
  5. Shamir, A., Polak, I.: Using random error correcting codes in near-collision attacks on generic hash-functions. Cryptology ePrint Archive, Report 2014/417 (2014)
  6. Jakobsson, M., Juels, A.: Proofs of work and bread pudding protocols. In: Preneel, B. (ed.) Secure Information Networks. IFIP, vol. 23, pp. 258–272. Springer, Boston (1999)
  7. Knuth, D.E.: Seminumerical Algorithms. The Art of Computer Programming, vol. 2 (1981)
  8. Lamberger, M., Mendel, F., Rijmen, V., Simoens, K.: Memoryless near-collisions via coding theory. Designs, Codes and Cryptography 62(1), 1–18 (2012)
  9. Lamberger, M., Rijmen, V.: Optimal covering codes for finding near-collisions. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 187–197. Springer, Heidelberg (2011)
  10. Lamberger, M., Teufl, E.: Memoryless near-collisions, revisited. Information Processing Letters 113(3), 60–66 (2013)
  11. Leurent, G.: Time-memory trade-offs for near-collisions. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 205–218. Springer, Heidelberg (2014)
  12. MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes, vol. 16. Elsevier (1977)
  13. Mendel, F., Schläffer, M.: On free-start collisions and collisions for TIB3. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 95–106. Springer, Heidelberg (2009)
  14. Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)
  15. Nivasch, G.: Cycle detection using a stack. Information Processing Letters 90(3), 135–140 (2004)
  16. Pramstaller, N., Rechberger, C., Rijmen, V.: Exploiting coding theory for collision attacks on SHA-1. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 78–95. Springer, Heidelberg (2005)
  17. Quisquater, J.-J., Delescaille, J.-P.: How easy is collision search. New results and applications to DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 408–413. Springer, Heidelberg (1990)
  18. Sedgewick, R., Szymanski, T.G., Yao, A.C.: The complexity of finding cycles in periodic functions. SIAM Journal on Computing 11(2), 376–390 (1982)
  19. Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55–69. Springer, Heidelberg (2009)
  20. Van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12(1), 1–28 (1999)
  21. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
  22. Yuval, G.: How to swindle Rabin. Cryptologia 3(3), 187–191 (1979)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel