Birthday Paradox

What is a Paradox?
A paradox is a statement or concept
that contains conflicting ideas.
For example, consider a situation in which a father and his son

Rksk Ekanayaka
are driving down the road. The car crashes into a tree and the
father is killed. The boy is rushed to the nearest hospital
where he is prepared for emergency surgery. On entering the
surgery suite, the surgeon says, "I can't operate on this boy.
He's my son."

The paradox is resolved if it is revealed that the surgeon is a

woman the boy's mother. 2
The Birthday Paradox
There are n people in a room, what is the probability
that at least two people have the same birthday?
364
For n=2: P(2) = 1 -
365
364 363
For n=3: P(3) = 1

Rksk Ekanayaka
( )
365 365
364 363 3651
For n persons: P(n) = 1 ( )
365 365 365

With 22 people in a room, there is better than 50% chance that two
people have a common birthday.

With 40 people in a room there is almost 90% chance that two

people have a common birthday. 3
The Birthday Paradox
If n 365 then this probability is
more than half.

In general, if there are k possibilities

Rksk Ekanayaka
then on average trials are
required to find a collision.

4
Hash Functions
A hash function takes a variable
length message M and produces a
fixed length message digest.

Rksk Ekanayaka
If the length of the digest is m
then there are 2 possible
message digests.

More than one message will be

5
mapped to the same digest.
Probability of Hash Collisions
If we apply k random messages to our hash code
what must the value of k to have probability of
0.5 that at least one duplicate?

Rksk Ekanayaka
Using previous equation, we have
k = 2 = 2/2 6
Birthday Attack
Consider a hash function that gets an arbitrary
message and outputs a n-bit digest.
There are 2 possible digests.
Then we need to try an average of 2/2

Rksk Ekanayaka
messages to find two with the same digest.

For a 64-bit digest, this requires 232 tries.

For a 128-bit digest, this requires 264 (~1019 )
tries. (That is computationally infeasible.) 7
Birthday Attack
A is prepared to sign a message by appending
the appropriate m-bit hash code and encrypting
that hash code with As private key.

Rksk Ekanayaka
An attacker generates 2/2 variations on the
message, all of which gives the same meaning.
The attacker prepares an equal number of
messages, all of which are variations of the
fraudulent message to be substituted for the real
one. 8
Birthday Attack
The two sets of messages are compared to find a pair of
messages that produce the same hash code. The probability of
success is greater than 0.5. If no match is found, additional
valid and fraudulent messages are generated until a match is
made.

Rksk Ekanayaka
The attacker offers the valid variation to A for signature. This
signature can then be attached to the fraudulent variation for
transmission to the intended recipient. Because the two
variations have the same hash code, they will produce the
same signature; the attacker is assured of success even
though the encryption key is not known.
9
How to avoid birthday attack
To avoid this attack, the output length of
the hash function used for a signature
scheme can be chosen large enough so

Rksk Ekanayaka
that the birthday attack becomes
computationally infeasible.
i.e. about twice as many bits as are
needed to prevent an ordinary brute-force
attack.
10
References
https://en.wikipedia.org/wiki/Birthday_problem

https://en.wikipedia.org/wiki/Birthday_attack

Rksk Ekanayaka
www.facweb.iitkgp.ernet.in/~sourav/lecture_note9.pdf

https://www.youtube.com/watch?v=2bEL3ok8D70

https://www.youtube.com/watch?v=jBXWuQGRosM

11
 Thank you.

Rksk Ekanayaka
12