A Survey of Chosen-Prefix Collision Attacks

Abstract

Cryptographic hash functions are the swiss army knives within cryptography. They are used in many applications including digital signature schemes, message authentication codes, password hashing, cryptocurrencies and content-addressable storage. The security or even the proper functioning of these applications relies on the security property that is the main focus of this chapter: collision resistance. For instance, all major digital signature schemes rely on the hash-then-sign paradigm. This implies that for any colliding pair x , y with H(x) = H(y), any signature for x is also an unwanted valid signature for y, and vice versa. When finding meaningful collision pairs (x, y) is practical, this can have grave implications as will become clear below.