A Formula That Generates Hash Collisions
Andrew Brockmann
TL;DR
This paper introduces an explicit formula capable of generating hash collisions for Merkle-Damgård hash functions, challenging the conventional understanding of collision resistance despite limited practical implications.
Contribution
The paper provides a novel explicit formula for producing hash collisions that applies broadly, questioning the robustness of collision resistance in certain hash functions.
Findings
The formula can generate collisions for arbitrary message blocks.
It works regardless of standardized constants used in hash functions.
Practical collision generation remains infeasible due to exponential message length.
Abstract
We present an explicit formula that produces hash collisions for the Merkle-Damg{\aa}rd construction. The formula works for arbitrary choice of message block and irrespective of the standardized constants used in hash functions, although some padding schemes may cause the formula to fail. This formula bears no obvious practical implications because at least one of any pair of colliding messages will have length double exponential in the security parameter. However, due to ambiguity in existing definitions of collision resistance, this formula arguably breaks the collision resistance of some hash functions.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptographic Implementations and Security · Advanced Malware Detection Techniques · Chaos-based Image/Signal Encryption