Parallel collision search with cryptanalytic applications (Q1284011)
From MaRDI portal
Property | Value
---|---
reviewed by | Jozef Vyskoč
Wikidata QID | Q56388136
MaRDI profile type | MaRDI publication profile
full work available at URL | https://doi.org/10.1007/pl00003816
OpenAlex ID | W2008272678
DBLP publication ID | journals/joc/OorschotW99
Latest revision as of 01:33, 14 November 2024
Language | Label | Description | Also known as
---|---|---|---
English | Parallel collision search with cryptanalytic applications | scientific article |
Statements
Title: Parallel collision search with cryptanalytic applications (English)
Date: 22 September 2002
It is known that a broad range of cryptanalytic problems can be reduced to the problem of finding two distinct inputs \(a\) and \(b\) to a function \(f\) such that \(f(a) = f(b)\). Thus, \textit{collision search} clearly belongs to the set of important cryptanalytic tools. Unfortunately, the most efficient (known) techniques for finding collisions cannot be directly parallelized efficiently. In the paper a technique for efficient parallelization of collision search is presented. First, previous methods for collision search are reviewed and their inefficient direct parallelization is discussed. In particular, the generalized \textit{rho-method} is discussed in some detail. Unfortunately, the original Pollard's rho-method is inherently serial in nature, and direct approaches to its parallelization do not yield linear speedup. Then the new technique, the general parallel collision search algorithm, is presented. Two cases are considered: finding only a small number of (random) collisions, and finding a large number of collisions. A run-time analysis of both cases is given as well. The new technique is then applied to computing discrete logarithms in cyclic groups, finding hash function collisions, and the general meet-in-the-middle attack. To illustrate the use of parallel collision search for practical cryptanalytic problems, the authors also considered designs of custom machines. They have shown that within a 10 million dollar limit for building a custom machine one can find elliptic curve logarithms in \(GF(2^{155})\) in an expected time of 32 days, find MD5 collisions in an expected time of 21 days, and perform a known-plaintext attack on double-DES in an expected time of 4 years, i.e. about four orders of magnitude faster than the conventional approach. Based on the new attack one can conclude that double-DES offers only about 17 bits more security than single-DES.
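The parallel collision search the review describes, as an added example (not code from the paper or the reviewer): van Oorschot and Wiener's distinguished-point method, run on a constructed 20-bit toy map. Each simulated worker walks its own trail of \(f\) until it reaches a distinguished point and reports only that point to a shared table; when two trails land on the same distinguished point, stepping them in lockstep yields \(a \ne b\) with \(f(a) = f(b)\). The map `f`, the function names, the parameters and the round-robin worker simulation are assumptions for illustration.

```python
import hashlib
import random

N_BITS = 20                # toy output width; real targets are far wider
MASK = (1 << N_BITS) - 1
DP_BITS = 4                # x is "distinguished" when its low DP_BITS bits are zero

def f(x):  # assumed toy random-looking map on N_BITS-bit values (truncated SHA-256)
    return int.from_bytes(hashlib.sha256(x.to_bytes(4, "big")).digest()[:4], "big") & MASK

def is_distinguished(x):
    return x & ((1 << DP_BITS) - 1) == 0

def walk_trail(start):
    """Iterate f from start to the next distinguished point: (dp, length) or None."""
    x, length = start, 0
    while not is_distinguished(x):
        x, length = f(x), length + 1
        if length > 20 << DP_BITS:  # far beyond the expected 2**DP_BITS steps
            return None  # trail entered a cycle with no DP on it; abandon it
    return x, length

def locate_collision(s1, l1, s2, l2):
    """Two trails end at one DP: align lengths, step in lockstep, stop where they merge."""
    if l1 < l2:
        s1, l1, s2, l2 = s2, l2, s1, l1
    for _ in range(l1 - l2):
        s1 = f(s1)
    while s1 != s2:
        y1, y2 = f(s1), f(s2)
        if y1 == y2:
            return s1, s2  # a != b with f(a) == f(b)
        s1, s2 = y1, y2
    return None  # one start lay on the other's trail: same path, nothing new

def parallel_collision_search(workers=4, seed=1):
    """Simulated workers share one DP table; only distinguished points are exchanged."""
    rng = random.Random(seed)
    table = {}  # dp -> (trail start, trail length): the only shared state
    while True:
        for _ in range(workers):  # round-robin stands in for true parallelism
            start = rng.getrandbits(N_BITS)
            trail = walk_trail(start)
            if trail is None: continue
            dp, length = trail
            if dp in table and table[dp][0] != start:
                hit = locate_collision(*table[dp], start, length)
                if hit: return hit
            table.setdefault(dp, (start, length))
```

Raising `N_BITS` makes the \(2^{n/2}\) work factor visible while the per-worker memory stays at one table of distinguished points, which is the property that lets the paper's custom-machine estimates scale with the number of processors.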
Keywords: finding collision; parallel collision search; Pollard's rho-method; cryptanalysis; discrete logarithm; meet-in-the-middle attack