Abstract
In this paper, we show that the FFT-Hash function proposed by Schnorr [2] is not collision free. Finding a collision requires about 224 computation of the basic function of FFT. This can be done in few hours on a SUN4-workstation. In fact, it is at most as strong as a one-way hash function which returns a 48 bits length value. Thus, we can invert the proposed FFT hash-function with 248 basic computations. Some simple improvements of the FFT hash function are also proposed to try to get rid of the weaknesses of FFT.
The Laboratoire d’Informatique de l’Ecole Normale Supérieure is a research group affiliated with the CNRS
Chapter PDF
Similar content being viewed by others
References
C. P. Schnorr. FFT-Hashing: An Efficient Cryptographic Hash Function. Presented at the rump session ot the CRYPTO’91 Conference (unpublished)
C. P. Schnorr. FFT-Hash II, Efficient Cryptographic Hashing. Presented at the EUROCRYPT’92 Conference (unpublished)
T. Baritaud, H. Gilbert, M. Girault. FFT Hashing is not Collision-free. Presented at the EUROCRYPT’92 Conference (unpublished)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1993 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vaudenay, S. (1993). FFT-Hash-II is not yet Collision-free. In: Brickell, E.F. (eds) Advances in Cryptology — CRYPTO’ 92. CRYPTO 1992. Lecture Notes in Computer Science, vol 740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48071-4_43
Download citation
DOI: https://doi.org/10.1007/3-540-48071-4_43
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-57340-1
Online ISBN: 978-3-540-48071-6
eBook Packages: Springer Book Archive