Data Protection and Security

I

Secret Key Cryptography

I.II

Hash Functions

Birthday Paradox

Similar to the key length of block ciphers, the output length of hash functions determines the resistance against brute force attacks. If the hash function output length is n bits, then given an x finding a value m such that h(m)=x takes approximately 2ⁿ tries. Similarly for a given x, it will take on the order of 2ⁿ operations to find x’ such that h(x)=h(x’). In other words, a secure n-bit output hash function has a pre-image resistance and second pre-image resistance of 2ⁿ operations.

How about collision resistance? Here in this case there is not any pre-determined message at hand instead the issue is to find two arbitrary messages having the same hash output. Surprisingly maybe, if the hash output of 2^n/2 messages is generated, there is more than 50% probability that there is at least two messages among them having the same hash value. For instance if the hash output is 64 bits, it would take only about 2³² messages to find two with the same hash. This result makes collision attacks feasible unlike other forms of attacks (In other words, it is 2³² times faster than breaking the one-wayness of the hash function).

This result is usually referred as birthday paradox or birthday problem which states that if there are 23 or more people in in a room, there is more than 50% probability that two of them will have the same birthday. This interesting mathematical fact is demonstrated in the following simulation.

Simulation I.II-I

Random number generation & collision simulation. [click to enlarge]

I.I.Q