Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [collision-resistance]

Difficulty of finding two different inputs that hash to the same value

Collision resistance is a security property of cryptographic hash functions. A hash function $H$ is said to be collision resistant if it is computationally infeasible to find two input strings $s$ and $s'$ such that $s' \ne s$ but $H(s') = H(s)$.

Collision resistance is one of the strongest security properties usually demanded of hash functions: a collision resistant hash function is automatically also first and second preimage resistant.

Collision resistance is also called strong-collision.

See also: ,

727 questions
3
votes
1 answer

Birthday attack to find near collision

Follow up on this question: How efficient are the generic attacks regarding near-collision-resistance? Let $H:\{0,1\}^∗→\{0,1\}^n$ be a cryptographically secure hash function. Let $k\in \mathbb{N}$ be $0 \leq k \leq n$. Without further details, how…
DiamondDuck
  • 403
  • 3
  • 17
2
votes
1 answer

Probability for collisions of a one-way compression function

Given a one-way compression function $h:\{0,1\}^n \rightarrow \{0,1\}^m$ and an attacker that picks $x_1 \ldots x_t \in \{0,1\}^n$ (uniformly distributed), I have to show that the probability to find a collision in the picked elements is smaller…
Zoidberg
  • 121
  • 2
2
votes
1 answer

concerning collision-resistant hash function

Let H, H' be collision-resistant hash functions. Which of the following functions H'' is NOT necessarily collision-resistant? 1) H''(x) = H(H'(x)) 2) H''(x) = H(x)||H'(x), where || denotes concatenation. 3) H''(x) = H(x)||0...0, where || denotes…
Ahmed Samy
  • 121
  • 3
2
votes
2 answers

Do hash collisions persist if a file is modified?

Suppose I use a relatively insecure hash algorithm to digitally sign a contract. Suppose also that creating a fraudulent contract with the same hash, a collision, is practical. As I understand, in order to take advantage of a hash collision, the…
kballing
  • 21
  • 1
2
votes
1 answer

Ideas for non duplicate cryptographically secure numbers

My Boss asked me this today. I am not a math major. He needs to generate 50 billion non-sequential non-duplicate (no collisions) cryptographically secure random numbers. I work in GO. Any ideas?
LostinMath
  • 21
  • 1
2
votes
1 answer

Difficulty of finding a claw for AES-CMAC

Consider the problem of finding two keys K1 and K2, such that for two distinct plaintexts P1 and P2, AES-CMAC(K1, P1) = AES-CMAC(K2, P2). Is this problem any easier than brute-forcing? If so, how much easier? Edit: plaintexts P1 and P2 are inputs to…
Bogdan Alexandru
  • 183
  • 7
1
vote
1 answer

can you generate an ID number quickly, with no collisions, and without IDs revealing information?

Is there a standard way to generate ID numbers one after the other such that: You can guarantee, or almost guarantee, that you avoid collisions. (By "almost guarantee", I mean for example if you generated completely random 24-digit numbers, and…
Bennett
  • 165
  • 5
1
vote
2 answers

Is the composition of collision resistant functions H' = h1(h2()) collision resistant?

Suppose there are two collision-resistant hash functions $h_1$ and $h_2$ with output sizes of $n_1$ and $n_2$ respectively. Is $H'(x) = h_1(h_2(x))$ collision resistant for the different relationships between $n_1$ and $n_2$? This has been…
John St
  • 11
  • 4
1
vote
0 answers

Are the hash functions collosion resistant or not?

If H is collision resistant then the following are collision resistant or not? H'(x) = H(x) || H(x) H'(x) = 1 || H(x) My thoughts: I am confused in question 1. In case of different hash function(H'(x) = H1(x) || H2(x)) we can safely conclude that…
Nathan Anatoli
  • 11
  • 2
1
vote
1 answer

Is exponentiation of a fixed generator modulo a prime collision-resistant?

Let $p$ be a prime number, and $g$ a generator of $\mathbb Z/p\mathbb Z$. For a message $m$, define the hash function $$h(m) = g^m \pmod p.$$ Is $h$ collision-resistant?
mariyana.
  • 113
  • 2
1
vote
1 answer

Which of the following hash functions is collision resistant?

Let $H: M \to T\ $ be a collision resistant hash function. Which of the following is collision resistant: $ 1.H'(m) = H(m \big\| m)$ $2.H'(m) = H(m) \big\| H(0)$ $3.H'(m) = H(m) \oplus H(m)$ $4.H'(m) = H(H(m))$ $5.H'(m) = H(0)$ $6.H'(m) =…
KrasivaM
  • 45
  • 1
  • 3
1
vote
0 answers

MD Construction Doesn't Propagate TCR

I'm reading a proof of the proposition of CollisionResistant Hashing Towards Making UOWHFs Practical Suppose there exists a compression function $F: \Sigma^k\times\Sigma^{c+m'} \rightarrow \Sigma^c$ with $m'>k$ such that $F$ is…
juaninf
  • 2,701
  • 2
  • 18
  • 28
1
vote
1 answer

Is a single 256 bits hash table in which the digests are from mixed cryptographic hashing algorithms still considered collision resistant?

Consider a single hash table containing digests from about 10 different 256 bits cryptographic hashing functions, like SHA256, SHA3, KECCACK256, BLAKE2, BLAKE3, etc... Is such table still considered collision resistant? I am inclined to think so,…
Rafael Werlang
  • 13
  • 2
0
votes
2 answers

How to prove truncated MD (or chop MD) hash function is collision resistant?

We have a collision resistant hash function (based MD construction) H with 2n bits hash value size. Call chop(H) is a chopping n-bits from H's hash output. How can I prove a chop(H) is collision resistant with n-bit?
user80059
  • 1
0
votes
0 answers

Collision resistance

I have function with input 128 bit and output 64 bit that hash the header and hash the payload then concatenating them after that hash the result so my question is does this pass the collision security requirement? or it fail because the attacker…
Adam
  • 1
  • 1
1
2