cost of brute-force multi-target preimage attacks can't be reduced to less than a collision attack
[Imported from Trac: page NewCaps/WhatCouldGoWrong, version 54]
parent
f8ab6c4eeb
commit
b4953091d2
|
@ -23,7 +23,7 @@ where *k* = bitlength(*K1*), *r* = bitlength(*R*), *s* = bitlength(*S*), *t* = b
|
|||
|
||||
(The notes to the diagram assume *k* == *r*.)
|
||||
|
||||
*p* is the success probability of an attack (0 < *p* <= 1). *N* is the number of targets for preimage attacks; this assumes that the attacker has stored the relevant hashes for *N* files and is content with finding a preimage for any of them.
|
||||
*p* is the success probability of an attack (0 < *p* <= 1). *N* is the number of targets for preimage attacks; this assumes that the attacker has stored the relevant hashes for *N* files and is content with finding a preimage for any of them. Note that since the attacker must also expend work to obtain each target hash, the cost of brute force cannot be reduced below a "square root" attack. For example, the work to forge an immutable file (attack !#3) by brute force cannot be reduced to less than sqrt(*p*).2^(*r*+*t*)/2^ (roughly the same work as a collision attack), no matter how many targets are available.
|
||||
|
||||
|
||||
1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap
|
||||
|
|
Loading…
Reference in a new issue