# On Finding Multi-Collisions in Random Functions.

December 2010

## Date of Award

Winter 12-12-2011

## Institute Name (Publisher)

Indian Statistical Institute

## Document Type

Master's Dissertation

## Degree Name

Master of Technology

Computer Science

## Department

Applied Statistics Unit (ASU-Kolkata)

## Supervisor

Sarkar, Palash (ASU-Kolkata; ISI)

## Abstract (Summary of the Work)

Multi-collision in a function means a set of r distinct points for r â‰¥ 2 in the domain of the function such that all of them map to a single point in the range of the function. In this thesis we will be mainly concerned with multi-collisions in random functions. Random functions are very important objects in modern cryptography, since MAC, hash functions and many other basic cryptographic primitives can be derived from them. In particular, â€˜secureâ€™ hash functions are often theoretically modeled as random functions. We know that collision-resistance is a desired property of any â€˜secureâ€™ hash function. â€˜Fastâ€™ collisions in a hash function is viewed as a certificational weakness of the construction. In the light of this discussion we can easily understand that algorithms for finding collisions in random function are of prime importance in cryptanalysis. Whereas efficient algorithms for finding two-collisions in random functions are well known and well studied, surprisingly, very little is mentioned about the more general problem of finding multi-collisions in existing literature. In this dissertation thesis we survey the existing literature on this subject as well as present our own contribution towards obtaining improved algorithms for finding multi-collisions.Here we provide a brief outline of the thesis. In next chapter we formally introduce all the basic concepts and background necessary to understand the recent developments. In section 2.3 we start with the well known algorithms for finding two-collisions and then move on to provide the background for the main topic of this thesis, i.e. finding multi-collisions. In section 2.2 we introduce a seemingly unrelated topic â€“ time/memory tradeoff attacks for inverting a one-way function, but later in section 2.3.6 we show how these same techniques can be used for obtaining new improved algorithms for finding threecollisions. In the last chapter we present our improvements. In section 3.1 we give the first efficient sequential algorithm for finding r-collisions for r â‰¥ 3. Then we present an improved parallel algorithm for the same problem (in section 3.2) and provide the analysis in section 3.2.2. In the next section (section 3.3) we provide a new time/processor tradeoff for this problem.

ProQuest Collection ID: http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqm&rft_dat=xri:pqdiss:28843307

## Control Number

ISI-DISS-2010-249