TY - GEN
T1 - Tight time-space lower bounds for finding multiple collision pairs and their applications
AU - Dinur, Itai
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2020.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - We consider a collision search problem (CSP), where given a parameter C, the goal is to find C collision pairs in a random function (Formula presented) (where (Formula presented) using S bits of memory. Algorithms for CSP have numerous cryptanalytic applications such as space-efficient attacks on double and triple encryption. The best known algorithm for CSP is parallel collision search (PCS) published by van Oorschot and Wiener, which achieves the time-space tradeoff (Formula presented). In this paper, we prove that any algorithm for CSP satisfies (Formula presented), hence the best known time-space tradeoff is optimal (up to poly-logarithmic factors in N). On the other hand, we give strong evidence that proving similar unconditional time-space tradeoff lower bounds on CSP applications (such as breaking double and triple encryption) may be very difficult, and would imply a breakthrough in complexity theory. Hence, we propose a new restricted model of computation and prove that under this model, the best known time-space tradeoff attack on double encryption is optimal.
AB - We consider a collision search problem (CSP), where given a parameter C, the goal is to find C collision pairs in a random function (Formula presented) (where (Formula presented) using S bits of memory. Algorithms for CSP have numerous cryptanalytic applications such as space-efficient attacks on double and triple encryption. The best known algorithm for CSP is parallel collision search (PCS) published by van Oorschot and Wiener, which achieves the time-space tradeoff (Formula presented). In this paper, we prove that any algorithm for CSP satisfies (Formula presented), hence the best known time-space tradeoff is optimal (up to poly-logarithmic factors in N). On the other hand, we give strong evidence that proving similar unconditional time-space tradeoff lower bounds on CSP applications (such as breaking double and triple encryption) may be very difficult, and would imply a breakthrough in complexity theory. Hence, we propose a new restricted model of computation and prove that under this model, the best known time-space tradeoff attack on double encryption is optimal.
KW - Collision search problem
KW - Cryptanalysis
KW - Double encryption
KW - Parallel collision search
KW - Provable security
KW - R-way branching program
KW - Time-space tradeoff
UR - http://www.scopus.com/inward/record.url?scp=85090001365&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-45721-1_15
DO - 10.1007/978-3-030-45721-1_15
M3 - Conference contribution
AN - SCOPUS:85090001365
SN - 9783030457204
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 405
EP - 434
BT - Advances in Cryptology – EUROCRYPT 2020 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Canteaut, Anne
A2 - Ishai, Yuval
PB - Springer
T2 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2020
Y2 - 10 May 2020 through 14 May 2020
ER -