• Create Account

# Jethro_T

Member Since 07 Oct 2009
Offline Last Active Nov 03 2015 12:18 AM

### In Topic: Cryptographic Hash Function Problem

21 February 2013 - 01:39 AM

The question is plenty precise enough, assuming the OP's definition of "cryptographic hash function" is the accepted one.

As for the question, you need to look at the input/output properties of a cryptographic hash function, specifically the bit independence criterion. What does this criterion tell you about what different values of t will give you?

I'll give you a hint: it is very slightly better to select t = 0, 1, 2, .. until you find a match than to select t at random, because the latter runs the risk of you selecting the same t twice, thus wasting a hash function invocation (the probability of this occurring tends to 2^(-64), see the birthday paradox). Other than that, there is no difference between the two approaches. How come?

Another hint: the value of m is irrelevant to your expected probability of success - can you see why?

Note it may be easier to approach this in the random oracle model, if you've studied this.

Another, even easier approach is to show that if H(X) is a secure n-bit hash function, then removing any subset of bits from the output of this hash function and calling the "reduced" hash function H'(X), then H'(X) is still a secure m-bit hash function (where n - m bits were removed from the output of H(X)). Then, your problem boils down to a simple preimage argument.

Thanks for the post.  Here's my thinking (please correct me if I'm off track):

The output bits all change seemingly randomly with no visible tie to any of the input bits.

So we are basically looking to find the probability of finding a bit string of length 256 that begins with 50 zeros, in a setting where all possible output cases have equal probability of occuring.

P(50 leading zeros) = (1 / 2^50)

So if we run the hash 2^50 times, we can expect to find a value of t that satisfies our requirement.

Not very rigorous, but yes, that is correct. The easiest way to show it (IMO) is to consider H as a random oracle, such that for distinct inputs X and Y, every bit of H(X) and H(Y) are independent. Then, the probability of any one bit being zero is 1/2, and hence the probability of the first 50 bits being zero is 1/2^50.

On my last paragraph, you can also say, assume H is a secure 256-bit hash function. Then, define a new hash function H', which is simply the hash function H, truncated to the first 50 bits. By the bit independence criterion, H' is a "secure" 50-bit hash function (I use "secure" in quotes because while it technically has the required mathematical properties on 50 bits, it is too short to be secure in practice). Then, your problem is to find a preimage of H' for {0}^50, that is, find X such that:

H'(X) = {0}^50

Which by definition has complexity 2^50.

Note this is a bit out of reach for a single consumer-grade computer, but can be achieved in a few hours/days on a moderately sized cluster (say, 4 to 8 graphics cards).

### In Topic: Cryptographic Hash Function Problem

20 February 2013 - 11:30 PM

The question is plenty precise enough, assuming the OP's definition of "cryptographic hash function" is the accepted one.

As for the question, you need to look at the input/output properties of a cryptographic hash function, specifically the bit independence criterion. What does this criterion tell you about what different values of t will give you?

I'll give you a hint: it is very slightly better to select t = 0, 1, 2, .. until you find a match than to select t at random, because the latter runs the risk of you selecting the same t twice, thus wasting a hash function invocation (the probability of this occurring tends to 2^(-64), see the birthday paradox). Other than that, there is no difference between the two approaches. How come?

Another hint: the value of m is irrelevant to your expected probability of success - can you see why?

Note it may be easier to approach this in the random oracle model, if you've studied this.

Another, even easier approach is to show that if H(X) is a secure n-bit hash function, then removing any subset of bits from the output of this hash function and calling the "reduced" hash function H'(X), then H'(X) is still a secure m-bit hash function (where n - m bits were removed from the output of H(X)). Then, your problem boils down to a simple preimage argument.

Thanks for the post.  Here's my thinking (please correct me if I'm off track):

The output bits all change seemingly randomly with no visible tie to any of the input bits.

So we are basically looking to find the probability of finding a bit string of length 256 that begins with 50 zeros, in a setting where all possible output cases have equal probability of occuring.

P(50 leading zeros) = (1 / 2^50)

So if we run the hash 2^50 times, we can expect to find a value of t that satisfies our requirement.

### In Topic: Cryptographic Hash Function Problem

20 February 2013 - 10:16 PM

This is the question I'm trying to ask:

* What is the expected number of attempts before finding a value that satisfies the requirement?

### In Topic: Tail Recursion

21 January 2013 - 05:38 PM

I solved my problem this morning before I got a chance to get on the computer to check the replies to my post.  Seemed very easy this morning when I thought outloud "The value of f(n) is the value of the last 4 values of f(n)."  Naturally this made me realize immediately that I simply needed to start from the bottom 4 cases and build up the value of the function by simply keeping track of the previous 4 values of f(n).

My implementation in scheme:

```(define (q2iterative n)

(define (q2iter n a b c d)

(if (= n 0)

a

(q2iter (- n 1) (+ a (* b 2) (* c 3) (* d 4)) a b c)

)

)

(if (< n 4)

n

(q2iter (- n 3) 3 2 1 0)

)

)
```

### In Topic: Custom Flash Video Player

12 March 2012 - 05:14 PM

Thanks, that was a very informative reply. I'm not sure if my main problem was clear/specific enough though so I'll try to explain it better.

- I want to build a simple site that has a custom flash player that has additional functionality
- For example, I want my flash player to be able to repeat specified segments of the video (The user enters something like 0:10 to 0:20 and it loops that part of the video)
- I want users to be able to enter the address of videos stored on other sites (around 10 or so different sites)
- I want the video to play through my custom player as it is streamed from the 3rd party servers to the user (I don't want it downloaded to my server)

Is this possible?

PARTNERS