Hard and easy components of collision search in the Źemor-tillich hash function: New attacks and reduced variants with equivalent security

Christophe Petit*, Jean Jacques Quisquater, Jean Pierre Tillich, Gilles Źemor

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Zémor-Tillich hash function has remained unbroken since its introduction at CRYPTO'94.We present the first generic collision and preimage attacks against this function, in the sense that the attacks work for any parameters of the function. Their complexity is the cubic root of the birthday bound; for the parameters initially suggested by Tillich and Zémor they are very close to being practical. Our attacks exploit a separation of the collision problem into an easy and a hard component. We subsequently present two variants of the Zémor-Tillich hash function with essentially the same collision resistance but reduced outputs of 2n and n bits instead of the original 3n bits. Our second variant keeps only the hard component of the collision problem; for well-chosen parameters the best collision attack on it is the birthday attack.

Original languageEnglish
Title of host publicationTopics in Cryptology - CT-RSA 2009 - The Cryptographers' Track at the RSA Conference 2009, Proceedings
PublisherSpringer Verlag
Pages182-194
Number of pages13
ISBN (Print)9783642008610
DOIs
Publication statusPublished - 2009
EventCryptographers' Track at the RSA Conference, CT-RSA 2009 - San Francisco, CA, United States
Duration: 20 Apr 200924 Apr 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5473
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceCryptographers' Track at the RSA Conference, CT-RSA 2009
Country/TerritoryUnited States
CitySan Francisco, CA
Period20/04/0924/04/09

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Hard and easy components of collision search in the Źemor-tillich hash function: New attacks and reduced variants with equivalent security'. Together they form a unique fingerprint.

Cite this