[tahoe-dev] Avoiding multicollision attacks against Elk Point [minor correction]
david-sarah at jacaranda.org
Thu Oct 15 06:55:59 UTC 2009
David-Sarah Hopwood wrote:
> However, note that this attack depends completely on the fact that hash_r
> uses an r-bit chaining value. If hash_r is actually a truncation of a hash
> with a z-bit chaining value, then the attack requires 2^(z/2) work.
> More precisely, it requires
... at least ...
> whatever work is needed for a collision
> attack on the untruncated hash, provided that the attack works with
> sufficient probability for an arbitrary chaining value.
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the tahoe-dev