Questions tagged [birthday-attack]

A birthday attack is a cryptanalytic technique. Birthday attacks can be used to find collisions in a cryptographic hash function. For instance, suppose we have a hash function which, when supplied with a random input, returns one of $k$ equally likely values. By repeatedly evaluating the function on $1.2\sqrt{k}$ different inputs, it is likely we will find some pair of inputs that produce the same output (a collision).

Birthday attacks are a class of brute-force techniques used in an attempt to solve a class of cryptographic hash function problems. These methods take advantage of functions which, when supplied with a random input, return one of $k$ equally likely values. By repeatedly evaluating the function for different inputs, the same output is expected to be obtained after about $1.2\sqrt{k}$ evaluations.


A simple approach to finding a collision in a hash function is to look for a second preimage:

  1. An initial value $I$ is picked and the hash $H_I$ is calculated.
  2. Further values are picked and their hash is compared to $H_I$.

An attack based on the birthday paradox finds a collision more efficiently: it compares the hash value computed in each round with all the hash values that have been calculated earlier.

93 questions
6 votes, 2 answers

What does this paraphrase of the birthday problem mean?

The following is an excerpt from A Generalized Birthday Problem - David Wagner: One of the best-known combinatorial tools in cryptology is the birthday problem: Problem 1. Given two lists $L_1, \space L_2$ of elements drawn uniformly and…
SedriX
4 votes, 2 answers

What is the error in this collision probability approximation?

Theorem: Choose $Q$ random natural numbers in the set $\{1,2, \dots, M\}.$ The probability of getting at least one collision is $$P_C(Q) = 1 - \frac{M - (Q - 1)}{M} P_{\neg C}(Q-1).$$ Notation: By $P_C$, I mean the probability of getting a…
user45491
4 votes, 1 answer

Locker room birthday paradox

The local YMCA has new locker rooms with built-in 3-digit combination locks. If I understand the Birthday Paradox correctly, I have a better than 50% chance of finding a lock combination with 33 tries on a given lock. (The lock combination gets set…
Edward Barnard
3 votes, 2 answers

Why k-lists generalized birthday problem when $k=2$ is classical birthday problem?

David Wagner in his article A Generalized Birthday Problem in CRYPTO 2002 says that in k-dimensional (also k-lists) generalization of birthday problem (GBP), when $k=2$ "this is just the extremely well-known birthday problem." Why is that so? As I…
catpnosis
2 votes, 1 answer

Which answer is true regarding birthday attack on digital signatures?

The actual question is: A sender $S$ sends a message $m$ to receiver $R$, which is digitally signed by $S$ with its private key. In this scenario, one or more of the following security violations can take place. (I) $S$ can launch a birthday attack…
poda_badu
2 votes, 2 answers

Can the birthday attack be extended in this case?

Let $H:\{0,1\}^*\to\{0,1\}^n$ be a cryptographic hash function as a black-box, and suppose we have unlimited space. As I understand, finding $x$ such that $H(x)=0$ (if such exists) would require a preimage attack, and avg. time $O(2^n)$ (linear in…
user45323
1 vote, 1 answer

Are MACs vulnerable to birthday attacks?

As the title already indicates, I would like to know: Are MACs vulnerable to birthday attacks?
1 vote, 2 answers

Birthday Attack with probability of 1

According to Wikipedia, $n(p;H)\approx \sqrt{2H\ln\frac{1}{1-p}}$ Let n(p; H) be the smallest number of values we have to choose, such that the probability for finding a collision is at least p. What if I want my probability to be 1? In this case,…
Calvin
1 vote, 1 answer

Mathematical calculation to determine probability of observing the character space used for a set of string inputs

I am designing some methodology to determine the composition of wireless router security passphrases in terms of the character space used to generate them. The problem I am having is I am unsure what formula or technique I can use to calculate the…
0 votes, 1 answer

How many hashes for high probability of finding a collision (specific case)?

Suppose Bob managed to obtain 220 different digests that were generated by a hash function employed by a target system. The hash function outputs 8-byte digest of a message. Bob now wants to find a message that hashes into 1 (one) of the obtained…
-2 votes, 1 answer

birthday attack again

Suppose that we have a d-bit hashing function, and assume that the dimensionality of the input space is unbounded. The probability of finding a collision in $2^{d/2}$ steps is 1/2, and we call this a “birthday attack”. Therefore success in one birthday…
messi