Abstract
The Zémor-Tillich hash function has remained unbroken since its introduction at CRYPTO’94. We present the first generic collision and preimage attacks against this function, in the sense that the attacks work for any parameters of the function. Their complexity is the cubic root of the birthday bound; for the parameters initially suggested by Tillich and Zémor they are very close to being practical. Our attacks exploit a separation of the collision problem into an easy and a hard component. We subsequently present two variants of the Zémor-Tillich hash function with essentially the same collision resistance but reduced outputs of 2n and n bits instead of the original 3n bits. Our second variant keeps only the hard component of the collision problem; for well-chosen parameters the best collision attack on it is the birthday attack.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abdukhalikov, K.S., Kim, C.: On the security of the hashing scheme based on SL2. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 93–102. Springer, Heidelberg (1998)
Charnes, C., Pieprzyk, J.: Attacking the SL2 hashing scheme. In: Safavi-Naini, R., Pieprzyk, J.P. (eds.) ASIACRYPT 1994. LNCS, vol. 917, pp. 322–330. Springer, Heidelberg (1995)
Geiselmann, W.: A note on the hash function of Tillich and Zémor. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 51–52. Springer, Heidelberg (1996)
Lenstra, H.W.J.L.L., Lenstra, A.K.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(5), 515–534 (1982)
Petit, C., Veyrat-Charvillon, N., Quisquater, J.-J.: Efficiency and Pseudo-Randomness of a Variant of Zémor-Tillich Hash Function. In: IEEE International Conference on Electronics, Circuits, and Systems, ICECS 2008 (2008)
Quisquater, J.-J., Delescaille, J.-P.: How easy is collision search? Application to DES. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 429–434. Springer, Heidelberg (1990)
Shamir, A.: Random graphs in cryptography. In: Invited talk at Asiacrypt 2006 (2006)
Steinwandt, R., Grassl, M., Geiselmann, W., Beth, T.: Weaknesses in the \({\rm SL}_2({\mathbb F}_{2^n})\) hashing scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 287. Springer, Heidelberg (2000)
Tillich, J.-P., Zémor, G.: Hashing with SL 2. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 40–49. Springer, Heidelberg (1994)
Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–303. Springer, Heidelberg (2002)
Yuval, G.: How to swindle Rabin. Cryptologia 3, 187–189 (1979)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Petit, C., Quisquater, JJ., Tillich, JP., Zémor, G. (2009). Hard and Easy Components of Collision Search in the Zémor-Tillich Hash Function: New Attacks and Reduced Variants with Equivalent Security. In: Fischlin, M. (eds) Topics in Cryptology – CT-RSA 2009. CT-RSA 2009. Lecture Notes in Computer Science, vol 5473. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00862-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-00862-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00861-0
Online ISBN: 978-3-642-00862-7
eBook Packages: Computer ScienceComputer Science (R0)