[tahoe-dev] Avoiding multicollision attacks against Elk Point [minor correction]
David-Sarah Hopwood
david-sarah at jacaranda.org
Wed Oct 14 23:55:59 PDT 2009
David-Sarah Hopwood wrote:
[...]
> However, note that this attack depends completely on the fact that hash_r
> uses an r-bit chaining value. If hash_r is actually a truncation of a hash
> with a z-bit chaining value, then the attack requires 2^(z/2) work.
> More precisely, it requires
... at least ...
> whatever work is needed for a collision
> attack on the untruncated hash, provided that the attack works with
> sufficient probability for an arbitrary chaining value.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the tahoe-dev
mailing list