|
|
| Line 1: |
Line 1: |
| {{Refimprove|date=December 2009}}
| | The name of the author is Jayson. My spouse and I live in Kentucky. Distributing production is where her primary earnings arrives from. To climb is some thing I truly appreciate doing.<br><br>My weblog ... [http://chorokdeul.co.kr/index.php?document_srl=324263&mid=customer21 cheap psychic readings] |
| '''Collision resistance''' is a property of [[cryptographic hash functions]]: a hash function is collision resistant if it is hard to find two inputs that hash to the same output; that is, two inputs ''a'' and ''b'' such that ''H''(''a'') = ''H''(''b''), and ''a'' ≠ ''b''.<ref name=GoldwasserBellare>[[Shafi Goldwasser|Goldwasser, S.]] and [[Mihir Bellare|Bellare, M.]] [http://cseweb.ucsd.edu/~mihir/papers/gb.html "Lecture Notes on Cryptography"]. Summer course on cryptography, MIT, 1996-2001</ref>{{rp|136}}
| |
| | |
| Every hash function with more inputs than outputs will necessarily have collisions. <ref name=GoldwasserBellare />{{rp|136}}Consider a hash function such as [[SHA-256]] that produces 256 bits of output from an arbitrarily large input. Since it must generate one of 2<sup>256</sup> outputs for each member of a much larger set of inputs, the [[pigeonhole principle]] guarantees that some inputs will hash to the same output. Collision resistance doesn't mean that no collisions exist; simply that they are hard to find.<ref name=GoldwasserBellare />{{rp|143}}
| |
| | |
| The "[[birthday paradox|birthday paradox"]] places an upper bound on collision resistance: if a hash function produces ''N'' bits of output, an attacker who computes "only" 2<sup>''N''/2</sup> (<math>\scriptstyle \sqrt{ 2^N}</math>) hash operations on random input is likely to find two matching outputs. If there is an easier method than this [[brute force attack]], it is typically considered a flaw in the hash function.<ref name=Lecture21Collision>Pass, R. [https://www.cs.cornell.edu/courses/cs6830/2009fa/scribes/lecture21.pdf "Lecture 21: Collision-Resistant Hash Functions and General Digital Signature Scheme"]. Course on Cryptography, Cornell University, 2009</ref>
| |
| | |
| [[Cryptographic hash function]]s are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. [[MD5]] and [[SHA-1]] in particular both have published techniques more efficient than brute force for finding collisions.<ref>{{Cite web|url=http://merlot.usc.edu/csac-f06/papers/Wang05a.pdf|title=How to Break MD5 and Other Hash Functions|author=Xiaoyun Wang and Hongbo Yu|accessdate=2009-12-21}}</ref><ref>{{cite journal |author=Xiaoyun Wang, Yiquin Lisa Yin, Hongobo Yu |title=Finding Collisions in the Full SHA-1 |url=http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf }}</ref> However, some hash functions have a proof that finding collisions is at least as difficult as some hard mathematical problem (such as [[integer factorization]] or [[discrete logarithm]]). Those functions are called [[Provably secure cryptographic hash function|provably secure]].<ref name=Lecture21Collision />
| |
| | |
| ==Rationale==
| |
| Collision resistance is desirable for several reasons.
| |
| * In some [[digital signature]] systems, a party attests to a document by publishing a [[public key]] signature on a hash of the document. If it is possible to produce two documents with the same hash, an attacker could get a party to attest to one, and then claim that the party had attested to the other.
| |
| * In some [[proof-of-work system|proof-of-work]] systems, users provide hash collisions as proof that they have performed a certain amount of computation to find them. If there is an easier way to find collisions than brute force, users can cheat the system.
| |
| * In some distributed content systems, parties compare cryptographic hashes of files in order to make sure they have the same version. An attacker who could produce two files with the same hash could trick users into believing they had the same version of a file when they in fact did not.
| |
| | |
| ==See also== | |
| * [[Collision attack]]
| |
| * [[Preimage attack]]
| |
| * [[NIST hash function competition]]
| |
| * [[Provably secure cryptographic hash function]]
| |
| | |
| ==References==
| |
| {{reflist}}
| |
| | |
| {{DEFAULTSORT:Collision Resistance}}
| |
| [[Category:Symmetric-key cryptography]]
| |
| [[Category:Theory of cryptography]]
| |
The name of the author is Jayson. My spouse and I live in Kentucky. Distributing production is where her primary earnings arrives from. To climb is some thing I truly appreciate doing.
My weblog ... cheap psychic readings