0

Suppose I have the following hash function: $\newcommand{\md}[1]{\text{md#1}} \newcommand{\H}{\text{H}}$

$$\H(x, y) = \md{5}(x) \oplus \md{4}(y)$$

How can I prove it's collision proof?

I tried to say "lets assume we have an oracle which know how to find a collision/pre image of $\H$" and find an algorithm to find $\md5$ collision. I didn't manage to find such algorithm.

How can it be proved?

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
MyNick
  • 101
  • 2
  • 3
    Actually, a standard birthday attack would take circa $2^{64}$ hash evaluations - plausible for some real-world entities... – poncho Dec 11 '19 at 15:26
  • 3
    Hint: when asked to prove something, first question if it is true or false. That'll get you a grasp on the problem. – fgrieu Dec 11 '19 at 15:34
  • I couldn't find a way to make a collision. Thus, the hint isn't usefull for me – MyNick Dec 11 '19 at 16:29
  • Hint2: in a mind experiment, fix one of the arguments (e.g. to empty), and examine what it would take to exhibit a collision with what remains. Is that within the state of the art? – fgrieu Dec 11 '19 at 16:58
  • For example, if I fix y to some value then md4(y) is constant as well. Now the question is the same as finding a collision in md5 which we know is not physical. – MyNick Dec 11 '19 at 17:03
  • 2
    You seem to think that md5 is collision resistant. I have bad news for you. – Maeher Dec 11 '19 at 17:37
  • For the purpose of this homework it will be good enough. It doesn't matter if it says md5 or sha3 in the question. The point is the same as far as i understand – MyNick Dec 11 '19 at 17:52
  • 1
    Well then fix $x$. Finding collisions in md4 is even simpler. It apparently takes less than 2 md4 invocations to find fresh md4 collisions. – Maeher Dec 11 '19 at 18:03
  • @MyNick Your point is wrong, as it matters to this question if the hash functions are collision resistant or not. If two known insecure hash functions are explicitly mentioned instead of just $H$ then you should be able to infer that something may be amiss. Crypto requires a strong skeptic, your brain should flare seeing something like this. – Maarten Bodewes Dec 12 '19 at 14:11

0 Answers0