Birthday Paradox for Multi-collisions
In this paper, we study multi-collision probability. For a hash function H:D →R with |R|=n, it has been believed that we can find an s-collision by hashing Q=n ( s − − 1)/ s times. We first show that this probability is at most 1/s! which is very small for large s. We next show that by hashing (s!)1/ s ×Q times, an s-collision is found with probability approximately 0.5 for sufficiently large n. Note that if s=2, it coincides with the usual birthday paradox. Hence it is a generalization of the birthday paradox to multi-collisions.
Keywordshash function birthday paradox multi-collision collision resistant
Unable to display preview. Download preview PDF.
- 4.Girault, M., Stern, J.: On the Length of Cryptographic Hash-Values Used in Identification Schemes. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 202–215. Springer, Heidelberg (1994)Google Scholar
- 5.Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)Google Scholar
- 6.Rivest, R., Shamir, A.: PayWord and MicroMint: Two Simple Micropayment Schemes. In: Security Protocols Workshop 1996, pp. 69–87 (1996)Google Scholar