1

I am trying to figure out how to evaluate the security of a hash function. If I have defined a candidate hash function: $$H(x) = α^x\text{ mod }p$$ how do I then evaluate it with respect to collision attacks, second preimage attacks, and preimage attacks? Hope someone can help

JamesTheAwesomeDude
  • 930
  • 5
  • 22
nfreio
  • 11
  • 1
  • 3
    Welcome to Cryptography.SE. Does the domain is restricted? What did you try up to now? Can you find $x$ and $y$ such that $a^x = x^y$ easily? Hint: Little Fermat! – kelalaka May 19 '21 at 10:57
  • 1
    Note that a hash is a particular kind of one-way function, optimized for computational applications. I assume you're trying to construct and evaluate OWFs in the general case? – JamesTheAwesomeDude May 20 '21 at 17:21
  • I’m voting to close this question because a full description of how to analyze a hash function that is not secure is not needed. Please have a look at the SHA-3 competition to see what you're up against. – Maarten Bodewes Jun 01 '21 at 22:12

1 Answers1

1

If $x=y \mod \phi(p)$, then $H(x)= H(y)$. Then it doesn't seem collision resistant. For the same reason not second preimage attacks. $H(x + \phi(p))= H(y)$. (If $p$ is prime $\phi(p)=p-1$, thus it's easy to compute it).

About the preimage attack, it's completely equivalent to discrete logarithm in $\mathbb{Z}^{\star}_p$, then you have to be carrefull about the choice of $p$ (basically $p-1$ should have a huge factor).

Ievgeni
  • 2,585
  • 1
  • 10
  • 32