F.F.T. Hashing is not Collision-free
- 1.6k Downloads
The FFT Hashing Function proposed by C.P. Schnorr  hashes messages of arbitrary length into a 128-bit hash value. In this paper, we show that this function is not collision free, and we give an example of two distinct 256-bit messages with the same hash value. Finding a collision (in fact a large family of, colliding messages) requires approximately 223 partial computations of the hash function, and takes a few hours on a SUN3- workstation, and less than an hour on a SPARC-workstation.
A similar result discovered independently has been announced at the Asiacrypt’91 rump session by Daemen-Bosselaers-Govaerts-Vandewalle .
- C.P. SCHNORR; FFT-Hashing: An Efficient Cryptographic Hash Function; July 15, 1991 (This paper was presented at the rump session of the CRYPTO’91 Conference, Santa Barbara, August, 11–15, 1991)Google Scholar
- DAEMEN-BOSSELAERS-GOVAERTS-VANDEWALLE: Announcement made at the rump session of the ASIACRYPT’ 91 Conference, Fujiyoshida, Japan, November 11–14, 1991)Google Scholar