memoryless near collisions via coding theory
play

Memoryless Near-Collisions via Coding Theory Mario Lamberger - PowerPoint PPT Presentation

Mar 07, 2024 •408 likes •589 views

Institute for Applied Information Processing and Communications (IAIK) Memoryless Near-Collisions via Coding Theory Mario Lamberger Florian Mendel Vincent Rijmen Koen Simoens Institute for Applied Information Processing and Communications

  1. Institute for Applied Information Processing and Communications (IAIK) Memoryless Near-Collisions via Coding Theory Mario Lamberger Florian Mendel Vincent Rijmen Koen Simoens Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology Inffeldgasse 16a, A-8010 Graz, Austria mario.lamberger@iaik.tugraz.at M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 1

  2. Institute for Applied Information Processing and Communications (IAIK) Memoryless Collision I guess we heard about the birthday paradox For an n -bit hash function, we need 2 n / 2 hash calls and a list of the same size Using a lot of memory sucks, so we implement it using a cycle finding method Floyd Brent . . . M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 2

  3. Institute for Applied Information Processing and Communications (IAIK) Now what about near-collisions Near-Collision Resistance - HAC It should be hard to find any two inputs m , m ∗ such that H ( m ) and H ( m ∗ ) differ in only a small number of bits: d ( H ( m ) , H ( m ∗ )) ≤ ǫ. This includes collisions ⇒ easier! What should a “near”-cycle be? M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 3

  4. Institute for Applied Information Processing and Communications (IAIK) A possible solution π : Linear projection map that sets ǫ bits to 0 M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 4

  5. Institute for Applied Information Processing and Communications (IAIK) A possible solution π : Linear projection map that sets ǫ bits to 0 Then, a collision for π ◦ H results in a near-collision for H M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 4

  6. Institute for Applied Information Processing and Communications (IAIK) A possible solution π : Linear projection map that sets ǫ bits to 0 Then, a collision for π ◦ H results in a near-collision for H Improves the performance by 2 ǫ/ 2 Drawback: finds only a fraction of all ǫ -near-collisions 2 ǫ � . � ǫ � n i = 0 i M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 4

  7. Institute for Applied Information Processing and Communications (IAIK) A possible solution π : Linear projection map that sets ǫ bits to 0 Then, a collision for π ◦ H results in a near-collision for H Improves the performance by 2 ǫ/ 2 Drawback: finds only a fraction of all ǫ -near-collisions 2 ǫ � . � ǫ � n i = 0 i Ideally, we would like to have a map g which gives a one-to-one correspondence between ǫ -near-collisions ( ǫ ≥ 1) for H and collisions for g ◦ H M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 4

  8. Institute for Applied Information Processing and Communications (IAIK) Our idea Let H be a hash function of output size n . M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 5

  9. Institute for Applied Information Processing and Communications (IAIK) Our idea Let H be a hash function of output size n . Let C ⊆ Z n 2 be a code of the same length n , size K and covering radius ρ ( C ) and assume there exists an efficiently computable map g that maps every x ∈ Z n 2 to a codeword at distance ρ ( C ) or less M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 5

  10. Institute for Applied Information Processing and Communications (IAIK) Our idea Let H be a hash function of output size n . Let C ⊆ Z n 2 be a code of the same length n , size K and covering radius ρ ( C ) and assume there exists an efficiently computable map g that maps every x ∈ Z n 2 to a codeword at distance ρ ( C ) or less Then, we can find 2 ρ ( C ) -near-collisions for H with a √ complexity of about K and with virtually no memory requirements M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 5

  11. Institute for Applied Information Processing and Communications (IAIK) Our idea Let H be a hash function of output size n . Let C ⊆ Z n 2 be a code of the same length n , size K and covering radius ρ ( C ) and assume there exists an efficiently computable map g that maps every x ∈ Z n 2 to a codeword at distance ρ ( C ) or less Then, we can find 2 ρ ( C ) -near-collisions for H with a √ complexity of about K and with virtually no memory requirements If decoding is efficient, use this as g M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 5

  12. Institute for Applied Information Processing and Communications (IAIK) Our idea Let H be a hash function of output size n . Let C ⊆ Z n 2 be a code of the same length n , size K and covering radius ρ ( C ) and assume there exists an efficiently computable map g that maps every x ∈ Z n 2 to a codeword at distance ρ ( C ) or less Then, we can find 2 ρ ( C ) -near-collisions for H with a √ complexity of about K and with virtually no memory requirements If decoding is efficient, use this as g Size K → sphere covering bound M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 5

  13. Institute for Applied Information Processing and Communications (IAIK) Our proposed construction For given n and ρ we considered direct sums of Hamming codes and trivial codes d i H i ⊕ Z r ( n ,ρ ) � C = 2 i ≥ 1 M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 6

  14. Institute for Applied Information Processing and Communications (IAIK) Our proposed construction For given n and ρ we considered direct sums of Hamming codes and trivial codes d i H i ⊕ Z r ( n ,ρ ) � C = 2 i ≥ 1 Easy to decode M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 6

  15. Institute for Applied Information Processing and Communications (IAIK) Our proposed construction For given n and ρ we considered direct sums of Hamming codes and trivial codes d i H i ⊕ Z r ( n ,ρ ) � C = 2 i ≥ 1 Easy to decode Gives rise to an interesting digit problem N i = 2 i − 1 , d i ∈ { 0 , . . . , ρ ) � i ≥ 1 d i N i ≤ n , � i ≥ 1 d i = ρ � i ≥ 1 d i · i should be maximal M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 6

  16. Institute for Applied Information Processing and Communications (IAIK) Our proposed construction For given n and ρ we considered direct sums of Hamming codes and trivial codes d i H i ⊕ Z r ( n ,ρ ) � C = 2 i ≥ 1 Easy to decode Gives rise to an interesting digit problem N i = 2 i − 1 , d i ∈ { 0 , . . . , ρ ) � i ≥ 1 d i N i ≤ n , � i ≥ 1 d i = ρ � i ≥ 1 d i · i should be maximal Demonstrated the approach on the SHA-3 candidate TIB-3 M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 6

  17. Institute for Applied Information Processing and Communications (IAIK) Thank you for your attention! M. Lamberger ASIACRYPT 2009 - Rump Session Memoryless Near-Collisions 7

Recommend

For every memoryless channel, there is a definite number C (computable) such that: If the

For every memoryless channel, there is a definite number C (computable) such that: If the

Channel coding theorem For every memoryless channel, there is a definite number C (computable) such that: If the data rate R < C , then there exists a coding scheme that can deliver data at rate R over the channel with vanishing error

304 views • 7 slides
Overview Coding and Information Theory What is information theory? Entropy Coding Chris

Overview Coding and Information Theory What is information theory? Entropy Coding Chris

Overview Coding and Information Theory What is information theory? Entropy Coding Chris Williams Rate-distortion theory School of Informatics, University of Edinburgh Mutual information Channel capacity November 2007 Reading: Bishop 1.6

389 views • 5 slides
An Introduction to (Network) Coding Theory Anna-Lena Horlemann-Trautmann University of St.

An Introduction to (Network) Coding Theory Anna-Lena Horlemann-Trautmann University of St.

An Introduction to (Network) Coding Theory An Introduction to (Network) Coding Theory Anna-Lena Horlemann-Trautmann University of St. Gallen, Switzerland April 24th, 2018 An Introduction to (Network) Coding Theory Coding Theory Introduction

1.11k views • 77 slides
Elementary Coding Theory 1 MATH 280 Discrete Mathematical Structures Elementary Coding Theory

Elementary Coding Theory 1 MATH 280 Discrete Mathematical Structures Elementary Coding Theory

Elementary Coding Theory 1 MATH 280 Discrete Mathematical Structures Elementary Coding Theory Information Transmission Transmission Encode Code word Received Decode Message Decoded message (special ntuple) ntuple (with

570 views • 32 slides
Lecture 7 Lossy Source Coding I-Hsiang Wang Department of Electrical Engineering National

Lecture 7 Lossy Source Coding I-Hsiang Wang Department of Electrical Engineering National

Lossy Source Coding Theorem for Memoryless Sources Proof of the Coding Theorem Lecture 7 Lossy Source Coding I-Hsiang Wang Department of Electrical Engineering National Taiwan University ihwang@ntu.edu.tw December 2, 2015 1 / 39 I-Hsiang

639 views • 39 slides
Introduction to Quantum Collision Theory Pierre Capel 16 July 2015 1 / 30 Quantum Collisions

Introduction to Quantum Collision Theory Pierre Capel 16 July 2015 1 / 30 Quantum Collisions

Introduction to Quantum Collision Theory Pierre Capel 16 July 2015 1 / 30 Quantum Collisions Quantum Collisions Quantum collisions used to study the interaction between particles/nuclei/atoms. . . analyse the structure of

651 views • 30 slides
Heavy-ion collisions: theory review Andrea Beraudo CERN, Theory Unit QCD at Cosmic

Heavy-ion collisions: theory review Andrea Beraudo CERN, Theory Unit QCD at Cosmic

Introduction Virtual experiments: lattice QCD Real experiments: heavy-ion collisions Heavy-ion collisions: theory review Andrea Beraudo CERN, Theory Unit QCD at Cosmic Energies, Paris, 11-15 June 2012 Andrea Beraudo Heavy-ion

1.26k views • 94 slides
1 1 1 1 1 1 1 1 Mariner Space Probe Years B.C. ( 1964) Years

1 1 1 1 1 1 1 1 Mariner Space Probe Years B.C. ( 1964) Years

Introduction Why Coding Theory ? Why Coding Theory ? Introduction Info Info Info Info to to Noise ! Noise ! ?# ?# Sink Sink Source Source Heh ! Heh ! Heh ! Heh ! Coding Theory Coding Theory Encoder Encoder Channel

246 views • 12 slides
Coding theory and Galois geometries: two interacting research areas Leo Storme Ghent University

Coding theory and Galois geometries: two interacting research areas Leo Storme Ghent University

Coding theory Equivalent problem in coding theory and Galois geometries ( x ( q + 1 ) , x ; 2 , q ) -minihypers Coding theory and Galois geometries: two interacting research areas Leo Storme Ghent University Dept. of Pure Mathematics and

758 views • 30 slides
Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical

Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical

Channel Coding over Continuous Memoryless Channels Parallel Gaussian Channel Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical Engineering National Taiwan University ihwang@ntu.edu.tw November 9, 2015

1.07k views • 59 slides
EE653 - Coding Theory Lecture 1: Introduction & Overview Dr. Duy Nguyen Outline Course

EE653 - Coding Theory Lecture 1: Introduction & Overview Dr. Duy Nguyen Outline Course

EE653 - Coding Theory Lecture 1: Introduction & Overview Dr. Duy Nguyen Outline Course Information 1 Introduction to Coding Theory 2 Examples of Error Control Coding 3 Review of Digital Communications 4 Course Information 2

581 views • 31 slides
Coding and Information Theory Chris Williams School of Informatics, University of Edinburgh

Coding and Information Theory Chris Williams School of Informatics, University of Edinburgh

Coding and Information Theory Chris Williams School of Informatics, University of Edinburgh November 2007 1 / 20 Overview What is information theory? Entropy Coding Rate-distortion theory Mutual information Channel capacity Reading:

515 views • 20 slides
OPEN CODING A n a l y z i n g Q u a l i t a t i v e D a t a OPEN CODING part of many

OPEN CODING A n a l y z i n g Q u a l i t a t i v e D a t a OPEN CODING part of many

Alice Thudt OPEN CODING A n a l y z i n g Q u a l i t a t i v e D a t a OPEN CODING part of many qualitative analysis methods, e.g. Grounded Theory labeling concepts & developing categories from data bottom up approach

377 views • 18 slides
OPEN CODING A n a l y z i n g Q u a l i t a t i ve D a t a OPEN CODING part of many

OPEN CODING A n a l y z i n g Q u a l i t a t i ve D a t a OPEN CODING part of many

Developed by Alice Thudt OPEN CODING A n a l y z i n g Q u a l i t a t i ve D a t a OPEN CODING part of many qualitative analysis methods, e.g. Grounded Theory labeling concepts & developing categories from data bottom up

405 views • 29 slides
Galois geometries contributing to coding theory Leo Storme Ghent University Dept. of Mathematics

Galois geometries contributing to coding theory Leo Storme Ghent University Dept. of Mathematics

Coding theory Griesmer bound and minihypers Covering radius and saturating sets Linear MDS codes and arcs Extendability results and blocking sets Galois geometries contributing to coding theory Leo Storme Ghent University Dept. of

708 views • 59 slides
Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical

Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical

Channel Coding over Continuous Memoryless Channels Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical Engineering National Taiwan University ihwang@ntu.edu.tw November 2, 2015 1 / 30 I-Hsiang Wang IT

406 views • 30 slides
Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory

Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory

Introduction 1/24 Gatan Leurent Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory trade-offs Memoryless FSE 2013 UCL Crypto Group FSE 2013 Time-memory Trade-offs for Near-collisions G.

430 views • 31 slides
Information theory and coding 1.00 Image, video and audio compression 0 1 0.40 0.60

Information theory and coding 1.00 Image, video and audio compression 0 1 0.40 0.60

Entropy coding review Huffman Information theory and coding 1.00 Image, video and audio compression 0 1 0.40 0.60 Markus Kuhn 0 1 0 1 v w 0.25 0.20 0.20 u 0 1 0.35 x Computer Laboratory 0.10 0.15 0 1 Huffmans

204 views • 18 slides
Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical

Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical

Channel Coding over Continuous Memoryless Channels Parallel Gaussian Channel Bandlimited Gaussian Channel Lecture 6 Channel Coding over Continuous Channels I-Hsiang Wang Department of Electrical Engineering National Taiwan University

1.22k views • 77 slides
Polar Coding for Processes with Memory glu 1 Ido Tal 2 Eren S a so 1 Intel 2 Technion 1 /

Polar Coding for Processes with Memory glu 1 Ido Tal 2 Eren S a so 1 Intel 2 Technion 1 /

Polar Coding for Processes with Memory glu 1 Ido Tal 2 Eren S a so 1 Intel 2 Technion 1 / 17 Well known: polarization occurs for a memoryless process Our setting: a process with memory Mild assumption: ( -mixing, 0 <

570 views • 17 slides
Information Theory Lecture 3 Lossless source coding algorithms: Huffman: CT5.68

Information Theory Lecture 3 Lossless source coding algorithms: Huffman: CT5.68

Information Theory Lecture 3 Lossless source coding algorithms: Huffman: CT5.68 Shannon-Fano-Elias: CT5.9 Arithmetic: CT13.3 Lempel-Ziv: CT13.45 Mikael Skoglund, Information Theory 1/21 Zero-Error Source Coding

493 views • 11 slides
collisions at = 200 GeV and U+U collisions at = 193 GeV with STAR

collisions at = 200 GeV and U+U collisions at = 193 GeV with STAR

Excess of J/ y yield at very low p T in Au+Au collisions at = 200 GeV and U+U collisions at = 193 GeV with STAR Wangmei Zha for the STAR Collaboration University of Science and Technology of China W. Zha etal.,

487 views • 22 slides
Comparison of Hydrodynamics and Kinetic Transport Theory for p+A and A+A Collisions Carsten

Comparison of Hydrodynamics and Kinetic Transport Theory for p+A and A+A Collisions Carsten

Comparison of Hydrodynamics and Kinetic Transport Theory for p+A and A+A Collisions Carsten Greiner with Kai Gallmeister, Harri Niemi , Dirk Rischke Bormio 56 th winter meeting, january 2018 Hydrodynamics & BAMPS Initial state specific

587 views • 32 slides
QcBits: constant-time small-key code-based cryptography Tung Chou Technische Universiteit

QcBits: constant-time small-key code-based cryptography Tung Chou Technische Universiteit

QcBits: constant-time small-key code-based cryptography Tung Chou Technische Universiteit Eindhoven, The Netherlands Coding theory 2 Coding theory Linear codes 2 Coding theory Linear codes a linear subspace in F N 2 2 Coding theory

1k views • 77 slides

More recommend