Parallel Collision Search with Cryptanalytic Applications

@article{Oorschot2013ParallelCS,
  title={Parallel Collision Search with Cryptanalytic Applications},
  author={Paul C. van Oorschot and Michael J. Wiener},
  journal={Journal of Cryptology},
  year={2013},
  volume={12},
  pages={1-28}
}
Abstract. A simple new technique of parallelizing methods for solving search problems which seek collisions in pseudorandom walks is presented. This technique can be adapted to a wide range of cryptanalytic problems which can be reduced to finding collisions. General constructions are given showing how to adapt the technique to finding discrete logarithms in cyclic groups, finding meaningful collisions in hash functions, and performing meet-in-the-middle attacks such as a known-plaintext attack… 
On the Cryptanalysis of Public-Key Cryptography
TLDR
The elliptic curve method (ECM) for integer factorization is the asymptotically fastest method to find relatively small factors of large integers and the performance of ECM gives information about secure parameter choices of some cryptographic protocols.
Design and Analysis of Multi-Block-Length Hash Functions
TLDR
This thesis studies the collision and preimage resistance of certain types of multi-call multi-block-length primitive-based compression (and the corresponding Merkle-Damgard iterated hash) functions and provides a novel framework for blockcipher-based compression functions that compress 3n bits to 2n bits and that use two calls to a 2n-bit key blockcipher with block length n.
Genetic programming for improved cryptanalysis of elliptic curve cryptosystems
TLDR
This paper considers how to speed up the Rho process by modifying a key component: the iterating function, which is the part of the algorithm responsible for determining what point is considered next when looking for a collision.
On the Cost of ASIC Hardware Crackers: A SHA-1 Case Study
TLDR
It is shown that an ASIC cluster costing a few million would be able to generate chosen-prefix collisions in a day or even in a minute, and the attack surface is extended to TLS and SSH, for which the chosen-prefix collision would need to be generated very quickly.
Cryptanalysis of Hash Functions
TLDR
A new family of sponge-based lightweight hash function called spongent is proposed and its security analysis is presented by applying the most important state-of-the-art methods of cryptanalysis and by investigating their complexity.
Elliptic Curve Cryptography using Computational Intelligence
TLDR
This study considers how to speed up the Rho process by modifying a key component: the iterating function, which is the part of the algorithm responsible for determining what point is considered next when looking for the solution to the ECDLP.
How to Meet Ternary LWE Keys
  • Alexander May
  • Computer Science, Mathematics
  • IACR Cryptol. ePrint Arch.
  • 2021
TLDR
This work substantially improves on Odlyzko’s Meet-in-the-Middle approach, using the representation technique developed for subset sum algorithms, and benefits from larger LWE field sizes q, as they are often used in modern lattice-based signatures.
A Study of Efficient Algorithms for Speeding up Elliptic Curve Cryptosystems in Mobile Environments
  • Computer Science, Mathematics
  • 2014
TLDR
A more efficient approach than LLECC method is proposed to reduce the storage of precomputed values, and an efficient algorithm based on the nonadjacent form (NAF) representation and Multidoubling is proposed for speeding up the scalar multiplication of elliptic curves.
New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis
TLDR
Novel techniques are introduced that enable us to determine the theoretical maximum success probability for a given set of (dependent) local collisions, as well as the smallest set of message conditions that attains this probability.
References

SHOWING 1-10 OF 57 REFERENCES
Parallel collision search with application to hash functions and discrete logarithms
TLDR
A simple new method of parallelizing collision searches that greatly extends the reach of practical attacks and ideas from Pollard's rho and lambda methods for index computation are combined to allow efficient parallel implementation using the new method.
Efficient DES Key Search
TLDR
It is shown how to build an exhaustive DES key search machine for $1 million that can find a key in 3.5 hours on average, and it would be prudent in many applications to use DES in a triple-encryption mode.
Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude
TLDR
A technique based on parallel collision search is described which requires O(√n/w) times fewer operations and O(n/w) times fewer memory accesses than previous approaches to meet-in-the-middle attacks.
Is the Data Encryption Standard a group? (Results of cycling experiments on DES)
TLDR
Two statistical tests are presented for determining if an indexed set of permutations acting on a finite message space forms a group under functional composition, and experiments show, with overwhelming confidence, that DES is not a group.
A cryptanalytic time-memory trade-off
  • M. Hellman
  • Computer Science, Mathematics
  • IEEE Trans. Inf. Theory
  • 1980
TLDR
A probabilistic method is presented which cryptanalyzes any N-key cryptosystem in N^{2/3} operations with N^{2/3} words of memory after a precomputation which requires N operations; it works in a chosen-plaintext attack and can also be used in a ciphertext-only attack.
RIPEMD-160: A Strengthened Version of RIPEMD
TLDR
A new version of RIPEMD with a 160-bit result is proposed, as well as a plug-in substitute for RIPEMD with a 128-bit result, and the software performance of several MD4-based algorithms is compared.
Cryptanalysis of MD4
TLDR
The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.
An Implementation of Elliptic Curve Cryptosystems Over F2155
The authors describe a VLSI Galois field processor and how it can be applied to the implementation of elliptic curve groups. They demonstrate the feasibility of constructing very fast, and very
Efficient signature generation by smart cards
  • C. Schnorr
  • Computer Science, Mathematics
  • Journal of Cryptology
  • 2004
TLDR
An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures.
Cryptography and Data Security
TLDR
The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.