On the complexity of the herding attack and some related attacks on hash functions | Designs, Codes and Cryptography Skip to main content
Springer Nature Link
Log in

On the complexity of the herding attack and some related attacks on hash functions

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

In this article, we analyze the complexity of the construction of the 2k-diamond structure proposed by Kelsey and Kohno (LNCS, Vol 4004, pp 183–200, 2006). We point out a flaw in their analysis and show that their construction may not produce the desired diamond structure. We then give a more rigorous and detailed complexity analysis of the construction of a diamond structure. For this, we appeal to random graph theory (in particular, to the theory of random intersection graphs), which allows us to determine sharp necessary and sufficient conditions for the message complexity (i.e., the number of hash computations required to build the required structure). We also analyze the computational complexity for constructing a diamond structure, which has not been previously studied in the literature. Finally, we study the impact of our analysis on herding and other attacks that use the diamond structure as a subroutine. Precisely, our results shows the following:

  1. 1.

    The message complexity for the construction of a diamond structure is \({\sqrt{k}}\) times more than the amount previously stated in literature.

  1. 2.

    The time complexity is n times the message complexity, where n is the size of hash value.

Due to the above two results, the herding attack (Kelsey and Kohno, LNCS, Vol 4004, pp 183–200, 2006) and the second preimage attack (Andreeva et al., LNCS, Vol 4965, pp 270–288, 2008) on iterated hash functions have increased complexity. We also show that the message complexity of herding and second preimage attacks on “hash twice” is n times the complexity claimed by Andreeva et al. (LNCS, Vol 5867, pp 393–414, 2009), by giving a more detailed analysis of the attack.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Allouche J.P., Shallit J.: Automatic Sequences: Theory, Applications, Generalizations. Cambridge University Press, Cambridge (2003)

    Book  MATH  Google Scholar 

  2. Andreeva E., Bouillaguet C., Fouque P.A., Hoch J.J., Kelsey J., Shamir A., Zimmer S.: Second preimage attacks on dithered hash functions. In: EUROCRYPT, Lecture Notes in Computer Science, vol. 4965, pp. 270–288 (2008).

  3. Andreeva E., Bouillaguet C., Dunkelman O., Kelsey J.: Herding, second preimage and Trojan message attacks beyond Merkle-Damgård. In: Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 5867, pp. 393–414 (2009).

  4. Blackburn S.R., Gerke S.: Connectivity of the uniform random intersection graph. Discret. Math. 309(16), 5130–5140 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  5. Bloznelis M., Jaworski J., Rybarczyk K: Component evolution in a secure wireless sensor network. Networks 53(1), 19–26 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  6. Bollobás B.: Random Graphs, 2nd edn. Cambridge University Press, Cambridge (2001)

    Book  MATH  Google Scholar 

  7. Bondy J.A., Murty U.S.R.: Graph Theory. Springer, New York (2008)

    Book  MATH  Google Scholar 

  8. Erdös P., Renyi A.: On the evolution of random graphs. In: Proceedings of the Hungarian Academy of Sciences, vol. 5, pp. 17–61 (1960).

  9. Erdös P., Rényi A.: On the existence of a factor of degree one of a connected random graph. Acta Mathematica Academiae Scientiarum Hungaricae Tomus 17(3–4), 359–368 (1966)

    Article  MATH  Google Scholar 

  10. Eschenauer L., Gligor V.: A key-management scheme for distributed sensor networks. In: Proc. 9th ACM conference on Computer and Communications Security, pp. 41–47 (2002).

  11. Fill J.A., Scheinerman E.R., Singer-Cohen K.B.: Random intersection graphs when m = Ω(n): An equivalence theorem relating the evolution of the g(n, m, p) and g(n, p) models. Random Struct. Algorithms 16(2), 156–176 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  12. Godehardt E., Jaworski J.: Two models of random intersection graphs for classification. In: Optiz, O., Schwaiger, M. (eds) Studies in Classification, Data Analysis and Knowledge Organization, vol. 22, pp. 67–82. Springer, Berlin (2003)

    Google Scholar 

  13. Joux A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: CRYPTO, Lecture Notes in Computer Science, vol. 3152, pp. 306–316 (2004).

  14. Katz J., Lindell Y.: Introduction to Modern Cryptography. Chapman and Hall, CRC Press, Boca Raton (2007)

    Google Scholar 

  15. Kelsey J., Kohno T.: Herding hash functions and the Nostradamus attack. In: EUROCRYPT, Lecture Notes in Computer Science, vol. 4004, pp. 183–200 (2006).

  16. Kelsey J., Schneier B.: Second preimages on n-bit hash functions for much less than 2n work. In: EUROCRYPT, Lecture Notes in Computer Science, vol. 3494, pp. 474–490 (2005).

  17. Keränen V.: Abelian squares are avoidable on 4 letters. In: ICALP, pp. 41–52 (1992).

  18. Keränen V.: On abeliean square-free DT0L-languages over 4 letters. In: Proceedings of Conference on Combinatorics on Words, pp. 41–52 (2003).

  19. Micali S., Vazirani V.V.: An \({{\rm O}(m\sqrt{n})}\) algorithm for finding maximum matching in general graphs. In: FOCS, pp. 17–27 (1980).

  20. Motwani R.: Average-case analysis of algorithms for matchings and related problems. J. ACM 6, 1329–1356 (1994)

    Article  MathSciNet  Google Scholar 

  21. Neven G., Smart N., Warinschi B.: Hash function requirements for Schnorr signatures. J. Math. Cryptol. 3, 69–87 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  22. Pietro R.D., Mancini L., Mei A., Panconesi A., Radhakrishnan J.: Redoubtable sensor networks. ACM Trans. Inform. Systems Security 11, 1–22 (2008)

    Article  Google Scholar 

  23. Rivest R.: Abelian square-free dithering for iterated hash functions (2005).

  24. Rybarczyk K.: Sharp threshold functions for the random intersection graph via coupling method. http://arxiv.org/abs/0910.0749, Nov (2009).

  25. Shoup V.: A composition theorem for universal one-way hash functions. In: EUROCRYPT, Lecture Notes in Computer Science, vol. 1807, pp. 445–452, (2000).

  26. Stallings W.: Cryptography and Network Security. PhD thesis, Johns Hopkins University, Baltimore, Maryland (1995).

  27. Singer-Cohen K.B.: Random intersection graphs. Prentice Hall, New York (2006)

    Google Scholar 

  28. Stinson D.: Cryptography: Theory and Practice. Chapman & Hall/CRC Press Inc., Boca Raton (2006)

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Simon R. Blackburn

  2. David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, N2L 3G1, Canada

    Douglas R. Stinson & Jalaj Upadhyay

Authors
  1. Simon R. Blackburn
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Douglas R. Stinson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jalaj Upadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Douglas R. Stinson.

Additional information

This is one of several papers published together in Designs, Codes and Cryptography on the special topic: “Geometry, Combinatorial Designs & Cryptology”.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Blackburn, S.R., Stinson, D.R. & Upadhyay, J. On the complexity of the herding attack and some related attacks on hash functions. Des. Codes Cryptogr. 64, 171–193 (2012). https://doi.org/10.1007/s10623-010-9481-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-010-9481-x

Keywords

Mathematics Subject Classification (2000)

Search

Navigation