[tahoe-dev] Avoiding multicollision attacks against Elk Point [minor correction]

David-Sarah Hopwood david-sarah at jacaranda.org
Thu Oct 15 06:55:59 UTC 2009

David-Sarah Hopwood wrote:
> However, note that this attack depends completely on the fact that hash_r
> uses an r-bit chaining value. If hash_r is actually a truncation of a hash
> with a z-bit chaining value, then the attack requires 2^(z/2) work.
> More precisely, it requires

... at least ...

> whatever work is needed for a collision
> attack on the untruncated hash, provided that the attack works with
> sufficient probability for an arbitrary chaining value.

David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

More information about the tahoe-dev mailing list