time memory trade offs for near collisions
play

Time-memory Trade-offs for Near-collisions Conclusion Combining - PowerPoint PPT Presentation

Nov 30, 2022 •105 likes •430 views

Introduction 1/24 Gatan Leurent Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory trade-offs Memoryless FSE 2013 UCL Crypto Group FSE 2013 Time-memory Trade-offs for Near-collisions G.

  1. Introduction 1/24 Gaëtan Leurent Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory trade-offs Memoryless FSE 2013 UCL Crypto Group FSE 2013 Time-memory Trade-offs for Near-collisions G. Leurent Microelectronics Laboratory UCL Crypto Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

  2. Introduction 2/24 UCL Crypto Group An Ideal Hash Function: the Random Oracle Microelectronics Laboratory Conclusion G. Leurent Combining trunc & codes Time-memory Trade-offs for Near-collisions Time-memory trade-offs FSE 2013 Memoryless . . . . . . . . . . . . . . . . . . . . . . ▶ Public Random Oracle ▶ The output can be used as a fingerprint of the document . . . . . . . .

  3. Introduction Memoryless UCL Crypto Group 0x1d66ca77ab361c6f Microelectronics Laboratory An Ideal Hash Function: the Random Oracle G. Leurent Conclusion Time-memory Trade-offs for Near-collisions Combining trunc & codes FSE 2013 Time-memory trade-offs 2/24 . . . . . . . . . . . . . . . . . . . . . . . ▶ Public Random Oracle ▶ The output can be used as a fingerprint of the document . . . . . . . .

  4. Memoryless Time-memory trade-offs Introduction 3/24 Conclusion FSE 2013 Concrete security goals Time-memory Trade-offs for Near-collisions Preimage attack G. Leurent Second-preimage attack Microelectronics Laboratory Collision attack UCL Crypto Group Combining trunc & codes . . . . . . . . . . . . . . . . . . . . . Given F and H , find M s.t. F ( M ) = H . Ideal security: 2 n . Given F and M 1 , find M 2 ≠ M 1 s.t. F ( M 1 ) = F ( M 2 ) . Ideal security: 2 n . Given F , find M 1 ≠ M 2 s.t. F ( M 1 ) = F ( M 2 ) . Ideal security: 2 n / 2 . . . . . . . . .

  5. Memoryless Introduction UCL Crypto Group Extra goals Microelectronics Laboratory Conclusion G. Leurent Combining trunc & codes Time-memory Trade-offs for Near-collisions Time-memory trade-offs FSE 2013 4/24 . . . . . . . . . . . . . . . . . . . . . Hash functions are used in many different contexts, with various assumptions: ▶ MAC security ▶ Multicollision resistance ▶ Herding resistance ▶ Partialcollisions ▶ Random looking output ▶ Nearcollisions ▶ … . . . . . . . .

  6. Topic of this talk FSE 2013 Near-collision attack Near-collisions Conclusion Combining trunc & codes Time-memory trade-offs Introduction 5/24 Memoryless G. Leurent Time-memory Trade-offs for Near-collisions UCL Crypto Group Microelectronics Laboratory . . . . . . . . . . . . . . . . . . . . . Given F , w , find M 1 ≠ M 2 s.t. ‖ F ( M 1 ) ⊕ F ( M 2 )‖ ≤ w . ▶ Relaxation of a collision attack ▶ Similar techniques than collision ▶ Security margin ▶ Turning nearcollisions into collisions ▶ Many attack papers What is the complexity of generic nearcollision attacks? . . . . . . . .

  7. Combining trunc & codes UCL Crypto Group State of the art Microelectronics Laboratory Conclusion G. Leurent Time-memory trade-offs Time-memory Trade-offs for Near-collisions FSE 2013 Memoryless 6/24 Introduction . . . . . . . . . . . . . . . . . . . . . ▶ Lower bound 2 n / 2 /√ B w ( n ) ▶ Memoryfull algorithm 2 n / 2 /√ B w ( n ) ▶ Timememory tradeoff? ▶ Truncate more, TMT for many collisions 2 n / 2 /√ B w (𝜐) 2 𝜐 / B w (𝜐) ≈ M ▶ Memoryless algorithms ▶ Truncation based 2 ( n +𝜐)/ 2 / B w (𝜐) 𝜐 ∼ ( 2 + √ 2 )( w − 1 ) ▶ Covering codes based 2 n / 2 /􏽯 B w / 2 ( n ) ▶ Combine both? ▶ Truncate and find truncated nearcollisions with covering code . . . . . . . .

  8. Definition (size of a Hamming ball) FSE 2013 Lower bound Conclusion Combining trunc & codes Time-memory trade-offs Memoryless 7/24 Introduction G. Leurent UCL Crypto Group Microelectronics Laboratory Time-memory Trade-offs for Near-collisions . . . . . . . . . . . . . . . . . . . . . ▶ After i hash evaluations, about i 2 pairs. ▶ Each pair is a w nearcollision with probability B w ( n )/ 2 n ▶ Lower bound: i 2 ≈ 2 n / B w ( n ) , i.e. i ≈ 2 n / 2 /√ B w ( n ) ▶ Easier than collisions by a factor √ B w ( n ) B w ( n ) = # { x ∈ { 0 , 1 } n ∶ ‖ x ‖ ≤ w } . . . . . . . . .

  9. Combining trunc & codes Memoryless UCL Crypto Group Near-collision algorithm Microelectronics Laboratory Naive algorithm G. Leurent Conclusion Time-memory Trade-offs for Near-collisions Time-memory trade-offs FSE 2013 8/24 Introduction . . . . . . . . . . . . . . . . . . . . . for 0 ≤ a < i do L [ a ] ← h ( a ) ▷ i computations end for for 0 ≤ a < b < i do ▷ i 2 comparisons if ‖ L [ a ] ⊕ L [ b ]‖ ≤ w then return ( a , b ) end if end for ▶ i hash computations ▶ i 2 comparisons, memory accesses ▶ i memory Can we avoid this? . . . . . . . .

  10. Combining trunc & codes Memoryless UCL Crypto Group Near-collision algorithm Microelectronics Laboratory Naive algorithm G. Leurent Conclusion Time-memory Trade-offs for Near-collisions Time-memory trade-offs FSE 2013 8/24 Introduction . . . . . . . . . . . . . . . . . . . . . for 0 ≤ a < i do L [ a ] ← h ( a ) ▷ i computations end for for 0 ≤ a < b < i do ▷ i 2 comparisons if ‖ L [ a ] ⊕ L [ b ]‖ ≤ w then return ( a , b ) end if end for ▶ i hash computations ▶ i 2 comparisons, memory accesses ▶ i memory Can we avoid this? . . . . . . . .

  11. Combining trunc & codes Memoryless UCL Crypto Group Near-collision algorithm Microelectronics Laboratory Naive algorithm G. Leurent Conclusion Time-memory Trade-offs for Near-collisions Time-memory trade-offs FSE 2013 8/24 Introduction . . . . . . . . . . . . . . . . . . . . . for 0 ≤ a < i do L [ a ] ← h ( a ) ▷ i computations end for for 0 ≤ a < b < i do ▷ i 2 comparisons if ‖ L [ a ] ⊕ L [ b ]‖ ≤ w then return ( a , b ) end if end for ▶ i hash computations ▶ i 2 comparisons, memory accesses ▶ i memory Can we avoid this? . . . . . . . .

  12. Time-memory trade-offs Memoryless collision finding Memoryless Introduction 9/24 Conclusion Combining trunc & codes FSE 2013 Time-memory Trade-offs for Near-collisions G. Leurent Microelectronics Laboratory UCL Crypto Group . . . . . . . . . . . . . . . . . . . . . Memoryless algorithms are known for full collisions: Pollard’s rho x 3 ▶ Iterate h : x i = f ( x i − 1 ) x 4 ▶ Collision after ≈ 2 n / 2 iterations x 2 x 7 ▶ Iteration cycles x 5 x 6 ▶ Memoryless cycle detection x 1 ▶ Floyd (tortoise and hare) ▶ Brent ▶ Nivasch ▶ Distinguished points ▶ … . . . . . . . . . x 0 . . . . . . . .

  13. Memoryless near-collisions algorithms FSE 2013 Combining trunc & codes Time-memory trade-offs Memoryless Introduction 10/24 Start Collision Detection Time-memory Trade-offs for Near-collisions Start G. Leurent Near-collision Microelectronics Laboratory ‽‽‽‽‽ UCL Crypto Group Conclusion . . . . . . . . . . . . . . . . . . . . . ▶ Memoryless collision algorithms based on iterating chains ▶ Collisions can be detected later in the chain x 1 x 1 x 0 . . . . . . x 0 . . . . . . ▶ This doesn’t work for nearcollision ▶ New approaches needed . . . . . . . .

  14. Combining trunc & codes UCL Crypto Group Using truncation Microelectronics Laboratory Conclusion G. Leurent Time-memory trade-offs Time-memory Trade-offs for Near-collisions FSE 2013 Memoryless 11/24 Introduction . . . . . . . . . . . . . . . . . . . . . 1 Truncate w bits 2 Find n − w bit collision (memoryless) 3 Gives w nearcollision for the full output n 0 n − w no difference ≤ w diff. . . . . . . ▶ Complexity: 2 ( n − w )/ 2 . . . . . . . .

  15. Combining trunc & codes UCL Crypto Group Using truncation Microelectronics Laboratory Conclusion G. Leurent Time-memory trade-offs Time-memory Trade-offs for Near-collisions FSE 2013 Memoryless 11/24 Introduction . . . . . . . . . . . . . . . . . . . . . 1 Truncate 2 w + 1 bits 2 Find n − 2 w − 1bit collisions (memoryless) 3 Gives w near collision with probability ½ n 0 n − 2 w − 1 no difference ≤ 2 w + 1 diff. . . . . . . ▶ Complexity: 2 ( n − 2 w − 1 )/ 2 × 2 . . . . . . . .

  16. Combining trunc & codes Memoryless UCL Crypto Group Using truncation Microelectronics Laboratory Conclusion G. Leurent Time-memory Trade-offs for Near-collisions Time-memory trade-offs FSE 2013 11/24 Introduction . . . . . . . . . . . . . . . . . . . . . 1 Truncate 𝜐 bits 2 Find n − 𝜐 bit collisions (memoryless) 3 Gives w near collision with probability B w (𝜐)/ 2 𝜐 n 0 n − 𝜐 no difference ≤ 𝜐 diff. . . . . . . ▶ Complexity: 2 ( n +𝜐)/ 2 / B w (𝜐) ▶ Optimal 𝜐 ∼ ( 2 + √ 2 )( w − 1 ) [Lamberger  Teufl, IPL 2013] . . . . . . . .

Recommend

Cracking Passwords With Time-memory Trade-offs Gildas Avoine Universit e catholique de

Cracking Passwords With Time-memory Trade-offs Gildas Avoine Universit e catholique de

Cracking Passwords With Time-memory Trade-offs Gildas Avoine Universit e catholique de Louvain, Belgium SUMMARY Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion MOTIVATIONS Motivations

692 views • 32 slides
TRADE-OFFS AMONG AI TRADE-OFFS AMONG AI TECHNIQUES TECHNIQUES Christian Kaestner With slides

TRADE-OFFS AMONG AI TRADE-OFFS AMONG AI TECHNIQUES TECHNIQUES Christian Kaestner With slides

TRADE-OFFS AMONG AI TRADE-OFFS AMONG AI TECHNIQUES TECHNIQUES Christian Kaestner With slides adopted from Eunsuk Kang Required reading: Vogelsang, Andreas, and Markus Borg. &quot; Requirements Engineering for Machine Learning:

760 views • 54 slides
Chapter 2 Trade-offs, Comparative Advantage, and the Market System Modeling Trade-offs:

Chapter 2 Trade-offs, Comparative Advantage, and the Market System Modeling Trade-offs:

Chapter 2 Trade-offs, Comparative Advantage, and the Market System Modeling Trade-offs: Production Possibilities Frontier (PPF) The PPF: Demonstrates the maximum attainable combination of two products with a given technology and a given

592 views • 13 slides
Time-Memory Tradeoffs for Short Hash Collisions Akshima University of Chicago Joint work with

Time-Memory Tradeoffs for Short Hash Collisions Akshima University of Chicago Joint work with

Time-Memory Tradeoffs for Short Hash Collisions Akshima University of Chicago Joint work with David Cash, Andrew Drucker, Hoeteck Wee 1 This Talk Inspects time-space tradeo ff s for finding short collisions in Merkle-Damgrd hash

890 views • 55 slides
Trade- offs in childrens time allocation : Mixed support for embodied capital models of the

Trade- offs in childrens time allocation : Mixed support for embodied capital models of the

Trade- offs in childrens time allocation : Mixed support for embodied capital models of the demographic transition in Tanzania Sophie Hedges 1* , Rebecca Sear 1 , Jim Todd 1,2 , Mark Urassa 2 , &amp; David W. Lawson 3 1 Department of Population

665 views • 49 slides
Time-Cost Trade-offs of Pipelined Dataflow Applications Jonathan Kho 1 , Erik Saule 4 , Anas

Time-Cost Trade-offs of Pipelined Dataflow Applications Jonathan Kho 1 , Erik Saule 4 , Anas

Time-Cost Trade-offs of Pipelined Dataflow Applications Jonathan Kho 1 , Erik Saule 4 , Anas AbuDoleh 1 , Xusheng Wang 1 , Hao Ding 2 , Kun Huang 1 , Raghu Machiraju 1 , 2 , urek 1 , 3 Umit V. C ataly 1 Biomedical Informatics, The Ohio

489 views • 33 slides
Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information Security Group Royal Holloway, University of London ESORICS 2011 Traditional Access Control ? SECRET Time-Storage

707 views • 45 slides
on a quantum computer On quantum arithmetic and space-time trade-offs Martin Roetteler Microsoft

on a quantum computer On quantum arithmetic and space-time trade-offs Martin Roetteler Microsoft

Attacking binary elliptic curves on a quantum computer On quantum arithmetic and space-time trade-offs Martin Roetteler Microsoft Research Based on joint work with Brittanney Amento and Rainer Steinwandt [arXiv.org: 1209.5491, 1209.6348,

1.21k views • 76 slides
Time-Space Trade-Offs for the Longest Common Substring Problem Tatiana Starikovskaya 1 and Hjalte

Time-Space Trade-Offs for the Longest Common Substring Problem Tatiana Starikovskaya 1 and Hjalte

Time-Space Trade-Offs for the Longest Common Substring Problem Tatiana Starikovskaya 1 and Hjalte Wedel Vildhj 2 1 Moscow State University, Department of Mechanics and Mathematics, tat.starikovskaya@gmail.com 2 Technical University of Denmark,

1.17k views • 27 slides
Time-Space Trade-Offs for Longest Common Extensions Philip Bille 1 , Inge Li Grtz 1 , Benjamin

Time-Space Trade-Offs for Longest Common Extensions Philip Bille 1 , Inge Li Grtz 1 , Benjamin

Time-Space Trade-Offs for Longest Common Extensions Philip Bille 1 , Inge Li Grtz 1 , Benjamin Sach 2 , and Hjalte Wedel Vildhj 1 1 Technical University of Denmark, DTU Informatics, { phbi,ilg,hwvi } @imm.dtu.dk 2 University of Warwick,

948 views • 56 slides
Time-Space Trade-Offs for 2D Range Minimum Queries Gerth Stlting Brodal Pooya Davoodi Aarhus

Time-Space Trade-Offs for 2D Range Minimum Queries Gerth Stlting Brodal Pooya Davoodi Aarhus

Time-Space Trade-Offs for 2D Range Minimum Queries Gerth Stlting Brodal Pooya Davoodi Aarhus University S. Srinivasa Rao Seoul National University 18 th Annual European Symposium on Algorithms, Liverpool, United Kingdom, September 8, 2010

361 views • 23 slides
Compressive Extreme Learning Machines Improved Models Through Exploiting Time-Accuracy Trade-offs

Compressive Extreme Learning Machines Improved Models Through Exploiting Time-Accuracy Trade-offs

Compressive Extreme Learning Machines Improved Models Through Exploiting Time-Accuracy Trade-offs Mark van Heeswijk, Amaury Lendasse, Yoan Miche September 5, 2014 Outline Motivation Extreme Learning Machines Compressive Extreme Learning

975 views • 48 slides
Time-space Trade-offs for Voronoi Diagrams Matias Korman Wolfgang Mulzer Andr e van Renssen

Time-space Trade-offs for Voronoi Diagrams Matias Korman Wolfgang Mulzer Andr e van Renssen

Time-space Trade-offs for Voronoi Diagrams Matias Korman Wolfgang Mulzer Andr e van Renssen National institute of Institut f ur Informatik, National institute of informatics. Freie Universit at informatics. Tokyo, Japan Berlin,

374 views • 35 slides
Enemy targeting, trade - offs, and the evolutionary Assembly of

Enemy targeting, trade - offs, and the evolutionary Assembly of

Enemy targeting, trade - offs, and the evolutionary Assembly of a tortoise beetle defense arsenal Fredric V. Vencl Ecology and Evolution, Stony Brook

262 views • 9 slides
The Art and Science of Memory Allocation Don Porter CSE 506 Lecture goal Understand how

The Art and Science of Memory Allocation Don Porter CSE 506 Lecture goal Understand how

The Art and Science of Memory Allocation Don Porter CSE 506 Lecture goal Understand how memory allocators work In both kernel and applications Understand trade-offs and current best practices Bump allocator malloc (6)

522 views • 41 slides
System Level Power- Performance Trade-Offs in Embedded Systems Using Voltage and Frequency

System Level Power- Performance Trade-Offs in Embedded Systems Using Voltage and Frequency

System Level Power- Performance Trade-Offs in Embedded Systems Using Voltage and Frequency Scaling of Off-Chip Buses and Memory Puttaswamy 1 , Won Choi 1 , Jun Park 1 , Kiran Puttaswamy Kiran , Kyu Kyu- -Won Choi , Jun Cheol Cheol Park ,

341 views • 20 slides
History of Operating Systems What drives these trade-offs? Hardware User Applications

History of Operating Systems What drives these trade-offs? Hardware User Applications

10/1/16 COMP 530: Operating Systems COMP 530: Operating Systems Natural Selection Almost all OS design is about trade-offs History of Operating Systems What drives these trade-offs? Hardware User Applications Observation:

381 views • 6 slides
Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the

Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the

Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the Integers Johannes Buchmann, Daniel Cabarcas, Florian G opfert, Andreas H ulsing, Patrick Weiden Technische Universit at Darmstadt Darmstadt,

387 views • 18 slides
Understand the trade-offs using compilers for Java applications (From AOT to JIT and Beyond!)

Understand the trade-offs using compilers for Java applications (From AOT to JIT and Beyond!)

Understand the trade-offs using compilers for Java applications (From AOT to JIT and Beyond!) Mark Stoodley Eclipse OpenJ9 &amp; OMR project co-lead Senior Software Developer @ IBM Canada mstoodle@ca.ibm.com @mstoodle Java ecosystem has a

827 views • 56 slides
I/O Virtualization with Hardware Support Ubaid H. and Vasia P. Trade-offs and Motivation - In

I/O Virtualization with Hardware Support Ubaid H. and Vasia P. Trade-offs and Motivation - In

I/O Virtualization with Hardware Support Ubaid H. and Vasia P. Trade-offs and Motivation - In a fully virtual I/O, we have interposition - Full encapsulation (store, pause, resume), portability, flexibility, live migration - Slow

423 views • 24 slides
SociableSense: Exploring the Trade- offs of Adaptive Sampling and Computation Offloading for

SociableSense: Exploring the Trade- offs of Adaptive Sampling and Computation Offloading for

SociableSense: Exploring the Trade- offs of Adaptive Sampling and Computation Offloading for Social Sensing Kiran K. Rachuri, Cecilia Mascolo, Mirco Musolesi, Peter J. Rentfrow Mateusz Grabowski The images come from an original presentation:

373 views • 33 slides
Privacy Trade Offs of Geo Location General Population Concerns and an Application to

Privacy Trade Offs of Geo Location General Population Concerns and an Application to

Privacy Trade Offs of Geo Location General Population Concerns and an Application to the 2020 US Census Laura Brandimarte Alessandro Acquisti 1 2 How does this affect willingness to disclose personal information? 3 What is the

682 views • 30 slides
Efficiency and Distributional Trade-Offs in Recycling Carbon Cap-and-Trade Revenues Ian Parry

Efficiency and Distributional Trade-Offs in Recycling Carbon Cap-and-Trade Revenues Ian Parry

Efficiency and Distributional Trade-Offs in Recycling Carbon Cap-and-Trade Revenues Ian Parry Resources For the Future Roberton C. Williams III University of Maryland, University of Texas, Resources For the Future, and NBER Distributional

693 views • 15 slides
The Theory of Web Transparency: Algorithms and Trade-offs Augustin Chaintreau 1 , Guillaume

The Theory of Web Transparency: Algorithms and Trade-offs Augustin Chaintreau 1 , Guillaume

The Theory of Bringing Privacy into Practice, 2015 1/8 The Theory of Web Transparency: Algorithms and Trade-offs Augustin Chaintreau 1 , Guillaume Ducoffe 2 , 3 , Roxana Geambasu 1 , ecuyer 1 Mathias L 1Columbia University 2Univ. Nice Sophia

339 views • 14 slides

More recommend