Preimage attack

In cryptography, a preimage attack on cryptographic hash functions tries to find a message that has a specific hash value. A cryptographic hash function should resist attacks on its preimage (set of possible inputs).

In the context of attack, there are two types of preimage resistance:

preimage resistance: for essentially all pre-specified outputs, it is computationally infeasible to find any input that hashes to that output; i.e., given $y$ , it is difficult to find an $x$ such that $h (x) = y$ .
second-preimage resistance: for a specified input, it is computationally infeasible to find another input which produces the same output; i.e., given $x$ , it is difficult to find a second input $x' \neq x$ such that $h (x) = h (x')$ .

These can be compared with a collision resistance, in which it is computationally infeasible to find any two distinct inputs $x$ , $x'$ that hash to the same output; i.e., such that $h (x) = h (x')$ .

Collision resistance implies second-preimage resistance. Second-preimage resistance implies preimage resistance only if the size of the hash function's inputs can be substantially (e.g., factor 2) larger than the size of the hash function's outputs. Conversely, a second-preimage attack implies a collision attack (trivially, since, in addition to $x'$ , $x$ is already known right from the start).

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.