0

I have the following hash algorithm:

    unsigned long specialNum=0x4E67C6A7;
    unsigned int ch;
    char inputVal[]="                        AAPB2GXG";


    for(int i=0;i<strlen(inputVal);i++)
    {
        ch=inputVal[i];

        ch=ch+(specialNum*32);
        ch=ch+(specialNum/4);

        specialNum=bitXor(specialNum,ch);
    }

    unsigned int outputVal=specialNum;

The bitXor simply does the Xor operation:

int bitXor(int a,int b)
{
    return (a & ~b) | (~a & b);
}

Now I want to find an Algorithm that can generate an "inputVal" when the outputVal is given.(The generated inputVal may not be necessarily be same as the original inputVal.That's why I want to find collision). This means that I need to find an algorithm that generates a solution that when fed into the above algorithm results same as specified "outputVal". The length of solution to be generated should be less than or equal to 32.

user4964911
  • 5
  • 5
  • You do know that many hash functions are written so that getting the original value is **really difficult** as this is typically an encryption technique (although with more complicated hash functions). – Cory Kramer Jun 02 '15 at 11:14
  • 1
    You realise that your hash function only returns values that fit into the range of an int? – gnasher729 Jun 02 '15 at 11:16
  • 2
    Finding **a** collision will not be hard due to the [birthday paradox](http://en.wikipedia.org/wiki/Birthday_problem). However finding a value that gives the same hash as another *fixed* value will be hard and will be comparable to computing the hash code of all integers – Ivaylo Strandjev Jun 02 '15 at 11:24
  • @gnasher729, yes all values computed fit in unsigned int – user4964911 Jun 02 '15 at 11:53
  • @Ivaylo collision means for two different input values, the hash function's result is same.Right? Thats what i am asking in question. – user4964911 Jun 02 '15 at 11:56
  • Why don't you use the Xor operator ^ ?? –  Jun 02 '15 at 12:02
  • @CoryKramer , You do know that many hash functions have collisions.For some its difficult to find and for some its easy(as in my case).I want to know how to achieve collisions in my hash algorithm,If you understand the question. – user4964911 Jun 02 '15 at 12:04
  • @YvesDaoust yes I can ^ operator too. Dont bother about the bitXor(). It's meant just for XOR. – user4964911 Jun 02 '15 at 12:16

1 Answers1

1

Method 1: Brute force. Not a big deal, because your "specialNum" is always in the range of an int, so after trying on average a few billion input values, you find the right one. Should be done in a few seconds.

Method 2: Brute force, but clever.

Consider the specialNum value before the last ch is processed. You first calculate (specialNum * 32) + (specialNum / 4) + ch. Since -128 <= ch < 128 or 0 <= ch < 256 depending on the signedness of char, you know the highest 23 bits of the result, independent of ch. After xor'ing ch with specialNum, you also know the highest 23 bits (if ch is signed, there are two possible values for the highest 23 bits). You check whether those 23 bits match the desired output, and if they don't, you have excluded all 256 values of ch in one go. So the brute force method will end on average after 16 million steps.

Now consider the specialNum value before the last two ch are processed. Again, you can determine the highest possible 14 bits of the result (if ch is signed with four alternatives) without examining the last two characters at all. If the highest 14 bits don't match, you are done.

Method 3: This is how you do it. Consider in turn all strings s of length 0, 1, 2, etc. (however, your algorithm will most likely find a solution much quicker). Calculate specialNum after processing the string s. Following your algorithm, and allowing for char to be signed, find the up to 4 different values that the highest 14 bits of specialNum might have after processing two further characters. If any of those matches the desired output, then examine the value of specialNum after processing each of the 256 possible values of the next character, and find the up to 2 different values that the highest 23 bits of specialNum might have after examining another char. If one of those matches the highest 23 bits of the desired output then examine what specialNum would be after processing each of the 256 possible next characters and look for a match.

This should work below a millisecond. If char is unsigned, it is faster.

gnasher729
  • 51,477
  • 5
  • 75
  • 98