A Formula That Generates Hash Collisions
This work addresses a theoretical issue in cryptography by challenging definitions of collision resistance for hash functions, but it is incremental due to the impractical message lengths.
The authors tackled the problem of generating hash collisions for the Merkle-Damgård construction, resulting in an explicit formula that works for arbitrary message blocks and standardized constants, though it produces messages with impractical lengths (double exponential in the security parameter).
We present an explicit formula that produces hash collisions for the Merkle-Damgård construction. The formula works for arbitrary choice of message block and irrespective of the standardized constants used in hash functions, although some padding schemes may cause the formula to fail. This formula bears no obvious practical implications because at least one of any pair of colliding messages will have length double exponential in the security parameter. However, due to ambiguity in existing definitions of collision resistance, this formula arguably breaks the collision resistance of some hash functions.