Birthday attack

A birthday attack is a bruteforce collision attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations (pigeonholes). Let ${\textstyle H}$ be the number of possible values of a hash function, with ${\textstyle H=2^{l}}$ . With a birthday attack, it is possible to find a collision of a hash function with ${\textstyle 50\%}$ chance in ${\textstyle {\sqrt {2^{l}}}=2^{l/2},}$ where ${\textstyle l}$ is the bit length of the hash output,^[1]^[2] and with ${\textstyle 2^{l-1}}$ being the classical preimage resistance security with the same probability.^[2] There is a general (though disputed^[3]) result that quantum computers can perform birthday attacks, thus breaking collision resistance, in ${\textstyle {\sqrt[{3}]{2^{l}}}=2^{l/3}}$ .^[4]

Although there are some digital signature vulnerabilities associated with the birthday attack, it cannot be used to break an encryption scheme any faster than a brute-force attack.^[5]^: 36

^ "Avoiding collisions, Cryptographic hash functions" (PDF). Foundations of Cryptography, Computer Science Department, Wellesley College.
^ ^a ^b Dang, Q H (2012). Recommendation for applications using approved hash algorithms (Report). Gaithersburg, MD: National Institute of Standards and Technology.
^ Daniel J. Bernstein. "Cost analysis of hash collisions : Will quantum computers make SHARCS obsolete?" (PDF). Cr.yp.to. Retrieved 29 October 2017.
^ Brassard, Gilles; HØyer, Peter; Tapp, Alain (20 April 1998). "Quantum cryptanalysis of hash and claw-free functions". LATIN'98: Theoretical Informatics. Lecture Notes in Computer Science. Vol. 1380. Springer, Berlin, Heidelberg. pp. 163–169. arXiv:quant-ph/9705002. doi:10.1007/BFb0054319. ISBN 978-3-540-64275-6. S2CID 118940551.
^ R. Shirey (August 2007). Internet Security Glossary, Version 2. Network Working Group. doi:10.17487/RFC4949. RFC 4949. Informational.

[1] "Avoiding collisions, Cryptographic hash functions" (PDF). Foundations of Cryptography, Computer Science Department, Wellesley College.

[:0-2] Dang, Q H (2012). Recommendation for applications using approved hash algorithms (Report). Gaithersburg, MD: National Institute of Standards and Technology.

[3] Daniel J. Bernstein. "Cost analysis of hash collisions : Will quantum computers make SHARCS obsolete?" (PDF). Cr.yp.to. Retrieved 29 October 2017.

[4] Brassard, Gilles; HØyer, Peter; Tapp, Alain (20 April 1998). "Quantum cryptanalysis of hash and claw-free functions". LATIN'98: Theoretical Informatics. Lecture Notes in Computer Science. Vol. 1380. Springer, Berlin, Heidelberg. pp. 163–169. arXiv:quant-ph/9705002. doi:10.1007/BFb0054319. ISBN 978-3-540-64275-6. S2CID 118940551.

[rfc4949-5] R. Shirey (August 2007). Internet Security Glossary, Version 2. Network Working Group. doi:10.17487/RFC4949. RFC 4949. Informational.

[1]

[2]

[3]

[4]

[5]