What is a Paradox?
A paradox is a statement or concept that contains conflicting ideas.
For example, consider a situation in which a father and his son are driving down the road. The car crashes into a tree and the father is killed. The boy is rushed to the nearest hospital where he is prepared for emergency surgery. On entering the surgery suite, the surgeon says, "I can't operate on this boy. He's my son."
Rksk Ekanayaka
( )
365 365
For n persons: $P(n) = 1 - \left(\frac{364}{365}\cdot\frac{363}{365}\cdots\frac{365-n+1}{365}\right)$
With 22 people in a room, there is better than 50% chance that two
people have a common birthday.
then on average trials are
required to find a collision.
Hash Functions
A hash function takes a variable
length message M and produces a
fixed length message digest.
If the length of the digest is m, then there are $2^m$ possible message digests.
Using previous equation, we have
$k = \sqrt{2^m} = 2^{m/2}$
Birthday Attack
Consider a hash function that gets an arbitrary message and outputs an n-bit digest.
There are $2^n$ possible digests.
Then we need to try an average of $2^{n/2}$ messages to find two with the same digest.
An attacker generates $2^{n/2}$ variations on the message, all of which give the same meaning.
The attacker prepares an equal number of messages, all of which are variations of the fraudulent message to be substituted for the real one.
Birthday Attack
The two sets of messages are compared to find a pair of
messages that produce the same hash code. The probability of
success is greater than 0.5. If no match is found, additional
valid and fraudulent messages are generated until a match is
made.
The attacker offers the valid variation to A for signature. This
signature can then be attached to the fraudulent variation for
transmission to the intended recipient. Because the two
variations have the same hash code, they will produce the
same signature; the attacker is assured of success even
though the encryption key is not known.
How to avoid birthday attack
To avoid this attack, the output length of the hash function used for a signature scheme can be chosen large enough so that the birthday attack becomes computationally infeasible, i.e. about twice as many bits as are needed to prevent an ordinary brute-force attack.
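The link between digest length and collision cost can be measured directly. This is an added example, not part of the original slides: it truncates SHA-256 to a few bits and counts how many distinct messages must be hashed before two share a digest. The function names and the sample messages are constructed for illustration.

```python
import hashlib


def truncated_digest(message: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-256(message) as an integer."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def trials_until_collision(bits: int, seed: int) -> int:
    """Hash distinct constructed messages until two share a truncated digest.

    Returns the number of messages hashed when the first collision appears.
    """
    seen = set()
    counter = 0
    while True:
        # Constructed sample input; every message in a run is distinct.
        message = f"constructed-sample-{seed}-{counter}".encode()
        counter += 1
        digest = truncated_digest(message, bits)
        if digest in seen:
            return counter
        seen.add(digest)


def average_trials(bits: int, runs: int = 30) -> float:
    """Average the collision cost over several independent runs."""
    return sum(trials_until_collision(bits, s) for s in range(runs)) / runs


def report(sizes=(16, 20, 24)):
    """For each digest size: (bits, measured average, 2^(bits/2), 2^bits)."""
    return [(b, average_trials(b), 2 ** (b / 2), 2 ** b) for b in sizes]


if __name__ == "__main__":
    print("bits  measured  2^(n/2)  2^n")
    for bits, measured, birthday, brute in report():
        print(f"{bits:4d}  {measured:8.0f}  {birthday:7.0f}  {brute}")
```

The measured cost grows with 2^(n/2) rather than 2^n, so each extra bit of collision resistance costs two bits of digest length.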
Thank you.