Topic
Birthday problem
About: Birthday problem is a research topic. Over the lifetime, 249 publications have been published within this topic receiving 5945 citations. The topic is also known as: birthday paradox.
Papers published on a yearly basis
Papers
18 Aug 2002
TL;DR: A k-dimensional generalization of the birthday problem: given k lists of n-bit values, find some way to choose one element from each list so that the resulting k values XOR to zero, and gives an algorithm with subexponential running time when k is unrestricted.
Abstract: We study a k-dimensional generalization of the birthday problem: given k lists of n-bit values, find some way to choose one element from each list so that the resulting k values XOR to zero. For k = 2, this is just the extremely well-known birthday problem, which has a square-root time algorithm with many applications in cryptography. In this paper, we show new algorithms for the case k > 2: we show a cube-root time algorithm for the case of k = 4 lists, and we give an algorithm with subexponential running time when k is unrestricted.We also give several applications to cryptanalysis, describing new subexponential algorithms for constructing one-more forgeries for certain blind signature schemes, for breaking certain incremental hash functions, and for finding low-weight parity check equations for fast correlation attacks on stream ciphers. In these applications, our algorithm runs in O(22?n) time for an n-bit modulus, demonstrating that moduli may need to be at least 1600 bits long for security against these new attacks. As an example, we describe the first-known attack with subexponential complexity on Schnorr and Okamoto-Schnorr blind signatures over elliptic curve groups.
759 citations
TL;DR: A unified framework for the analysis of a class of random allocation processes that include the birthday paradox, the coupon collector problem, least-recently-used caching in memory management systems under the independent reference model and the move-to-front heuristic of self-organizing search is introduced.
560 citations
TL;DR: The test for uniformity introduced here is based on the number of observed ldquocoincidencesrdquo (samples that fall into the same bin), the mean and variance of which may be computed explicitly for the uniform distribution and bounded nonparametrically for any distribution that is known to be epsiv-distant from uniform.
Abstract: How many independent samples N do we need from a distribution p to decide that p is epsiv-distant from uniform in an L1 sense, Sigmai=1 m |p(i) - 1/m| > epsiv? (Here m is the number of bins on which the distribution is supported, and is assumed known a priori.) Somewhat surprisingly, we only need N epsiv2 Gt m 1/2 to make this decision reliably (this condition is both sufficient and necessary). The test for uniformity introduced here is based on the number of observed ldquocoincidencesrdquo (samples that fall into the same bin), the mean and variance of which may be computed explicitly for the uniform distribution and bounded nonparametrically for any distribution that is known to be epsiv-distant from uniform. Some connections to the classical birthday problem are noted.
383 citations
23 Aug 1998
TL;DR: A theoretical attack on the compression function SHA-O with complexity 2 61 is obtained, which is thus better than the birthday paradox attack and is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.
Abstract: In this paper we present a method for finding collisions in SHA-0 which is related to differential cryptanalysis of block ciphers. Using this method, we obtain a theoretical attack on the compression function SHA-0 with complexity 261, which is thus better than the birthday paradox attack. In the case of SHA-1, this method is unable to find collisions faster than the birthday paradox. This is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.
269 citations
Journal Article•
TL;DR: In this paper, the authors presented a method for finding collisions in SHA-0 which is related to differential cryptanalysis of block ciphers and obtained a theoretical attack on the compression function SHA-O with complexity 2 61, which is thus better than the birthday paradox attack.
Abstract: In this paper we present a method for finding collisions in SHA-0 which is related to differential cryptanalysis of block ciphers. Using this method, we obtain a theoretical attack on the compression function SHA-O with complexity 2 61 , which is thus better than the birthday paradox attack. In the case of SHA-1, this method is unable to find collisions faster than the birthday paradox. This is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.
267 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2022 | 1 |
| 2021 | 6 |
| 2020 | 6 |
| 2019 | 11 |
| 2018 | 6 |
| 2017 | 9 |