# Parallel Collision Search with Cryptanalytic Applications

@article{Oorschot2013ParallelCS, title={Parallel Collision Search with Cryptanalytic Applications}, author={Paul C. van Oorschot and Michael J. Wiener}, journal={Journal of Cryptology}, year={2013}, volume={12}, pages={1-28} }

Abstract. A simple new technique of parallelizing methods for solving search problems which seek collisions in pseudorandom walks is presented. This technique can be adapted to a wide range of cryptanalytic problems which can be reduced to finding collisions. General constructions are given showing how to adapt the technique to finding discrete logarithms in cyclic groups, finding meaningful collisions in hash functions, and performing meet-in-the-middle attacks such as a known-plaintext attack…

## 348 Citations

On the Cryptanalysis of Public-Key Cryptography

- Computer Science, Mathematics
- 2012

The elliptic curve method (ECM) for integer factorization is the asymptotically fastest method to find relatively small factors of large integers and the performance of ECM gives information about secure parameter choices of some cryptographic protocols.

Design and Analysis of Multi-Block-Length Hash Functions

- Computer Science, Mathematics
- 2012

This thesis studies the collision and preimage resistance of certain types of multi-call multi-block-length primitive-based compression (and the corresponding Merkle-Damgard iterated hash) functions and provides a novel framework for blockcipher-based compression functions that compress 3n bits to 2n bits and that use two calls to a 2n-bit key blockcipher with block-length n.

Genetic programming for improved cryptanalysis of elliptic curve cryptosystems

- Computer Science, Mathematics
- 2017 IEEE Congress on Evolutionary Computation (CEC)
- 2017

This paper considers how to speed up the Rho process by modifying a key component: the iterating function, which is the part of the algorithm responsible for determining what point is considered next when looking for a collision.

Efficient many-core architecture design for cryptanalytic collision search on FPGAs

- Computer Science, Mathematics
- J. Inf. Secur. Appl.
- 2018

On the Cost of ASIC Hardware Crackers: A SHA-1 Case Study

- Computer Science, Mathematics
- CT-RSA
- 2021

It is shown that an ASIC cluster costing a few millions would be able to generate chosen-prefix collisions in a day or even in a minute, and extends the attack surface to TLS and SSH, for which the chosen-prefix collision would need to be generated very quickly.

Elliptic Curve Cryptography using Computational Intelligence

- Computer Science, Mathematics
- 2017

This study considers how to speed up the Rho process by modifying a key component: the iterating function, which is the part of the algorithm responsible for determining what point is considered next when looking for the solution to the ECDLP.

Cryptanalysis of Hash Functions

- Computer Science, Mathematics
- 2013

A new family of sponge-based lightweight hash function called spongent is proposed and its security analysis is presented by applying the most important state-of-the-art methods of cryptanalysis and by investigating their complexity.

How to Meet Ternary LWE Keys

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

This work substantially improves on Odlyzko’s Meet-in-the-Middle approach, using the representation technique developed for subset sum algorithms, and benefits from larger LWE field sizes q, as they are often used in modern lattice-based signatures.

A Study of Efficient Algorithms for Speeding up Elliptic Curve Cryptosystems in Mobile Environments

- Computer Science, Mathematics
- 2014

A more efficient approach than LLECC method is proposed to reduce the storage of precomputed values, and an efficient algorithm based on the nonadjacent form (NAF) representation and Multidoubling is proposed for speeding up the scalar multiplication of elliptic curves.

New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis

- Computer Science, Mathematics
- EUROCRYPT
- 2013

Novel techniques are introduced that enable us to determine the theoretical maximum success probability for a given set of (dependent) local collisions, as well as the smallest set of message conditions that attains this probability.

## References

SHOWING 1-10 OF 57 REFERENCES

Parallel collision search with application to hash functions and discrete logarithms

- Computer Science, Mathematics
- CCS '94
- 1994

A simple new method of parallelizing collision searches that greatly extends the reach of practical attacks and ideas from Pollard's rho and lambda methods for index computation are combined to allow efficient parallel implementation using the new method.

Efficient DES Key Search

- Computer Science
- 1994

It is shown how to build an exhaustive DES key search machine for $1 million that can find a key in 3.5 hours on average, and it would be prudent in many applications to use DES in a triple-encryption mode.

Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude

- Computer Science
- CRYPTO
- 1996

A technique based on parallel collision search is described which requires O(√n/w) times fewer operations and O(n/W) times fewer memory accesses than previous approaches to meet-in-the-middle attacks.

Is the Data Encryption Standard a group? (Results of cycling experiments on DES)

- Computer Science, Mathematics
- Journal of Cryptology
- 2004

Two statistical tests are presented for determining if an indexed set of permutations acting on a finite message space forms a group under functional composition, and experiments show, with overwhelming confidence, that DES is not a group.

A cryptanalytic time-memory trade-off

- Computer Science, Mathematics
- IEEE Trans. Inf. Theory
- 1980

A probabilistic method is presented which cryptanalyzes any N key cryptosystem in $N^{2/3}$ operations with $N^{2/3}$ words of memory after a precomputation which requires N operations, and works in a chosen plaintext attack and can also be used in a ciphertext-only attack.

RIPEMD-160: A Strengthened Version of RIPEMD

- Computer Science
- FSE
- 1996

A new version of RIPEMD with a 160-bit result is proposed, as well as a plug-in substitute for RIPEMD with a 128-bit result, and the software performance of several MD4-based algorithms is compared.

Cryptanalysis of MD4

- Computer Science, Mathematics
- FSE
- 1996

The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.

An Implementation of Elliptic Curve Cryptosystems Over $F_{2^{155}}$

- Mathematics, Computer Science
- IEEE J. Sel. Areas Commun.
- 1993

The authors describe a VLSI Galois field processor and how it can be applied to the implementation of elliptic curve groups. They demonstrate the feasibility of constructing very fast, and very…

Efficient signature generation by smart cards

- Computer Science, Mathematics
- Journal of Cryptology
- 2004

An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures.

Cryptography and Data Security

- Computer Science
- 1982

The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.