hash functions preimage and second collision resistance

Question

A hash function H is secure in terms of pre-image resis-tance. Does this imply that H has second pre-image (aka weak collision) resistance?

Hint: Look at what is broken about MD5. – SEJPM Oct 04 '15 at 18:29 — SEJPM, Oct 04 '15 at 18:29

score 0 · Answer 1 · answered Oct 04 '15 at 20:35

0

No, the implication is wrong.
Pre-image resistance means that it is not possible to calculate a pre-image from the image alone. But this does not exclude the existence of an algorithm, which calculates a second pre-image, given the image and the first pre-image.

answered Oct 04 '15 at 20:35

Ok I get your point now...trying to understand it better. THanks – iverson Oct 04 '15 at 21:31
So what could be a concrete answer to the question please? – iverson Oct 04 '15 at 21:39

score 0 · Accepted Answer · answered Oct 05 '15 at 00:53

Assume we are given a one-way function $f: \{0,1\}^m \rightarrow \{0,1\}^n$. Now consider the function $f': \{0,1\}^{m+1} \rightarrow \{0,1\}^n$ that simply applies $f$ to the first $m$ input bits and ignores the last bit. This function is still one-way / preimage resistant as a preimage finder $A$ for $f'$ immediately leads a preimage finder $A'$ for $f$ ($A'$ simply runs $A$ and returns the first $m$ bits of its output). On the other hand, it is trivial to find second-preimages for $f'$: Simply flip the last bit.

hash functions preimage and second collision resistance

2 Answers2