Lightweight multimedia encryption: Algorithms and performance analysis.  Page 101 
Save page Remove page  Previous  101 of 126  Next 

small (250x250 max)
medium (500x500 max)
Large (1000x1000 max)
Extra Large
large ( > 500x500)
Full Resolution
All (PDF)

This page
All

Due to the randomness of z and h(k), the value z − h(k) can be regarded as a uniformly distributed random variable in the interval [ 0, G ]. Hence, the probability that z − h(k) happens to be a square is Prob{ z − h(k) = x2 : x ∈ { 0, 1}m} = { 0, 1}m G = 2m 22m − 2m+1 + 2n (4.11) Let p represent this probability, and t be the number of trials before the first success. Then, the above equation means Prob{t = 1} = p Since successive trials are independent (i.e., the choice of k is random), we have Prob{t = k} = (1 − p)k p Thus, t follows the geometric distribution with probability p. It is a well known result that the expectation of t is E(t) = 1/p = 22m − 2m+1 + 2n 2m Even though we do not exclude possibilities of other strategies or magic algorithms that might give a preimage of a given z, such a algorithm must be extremely hard to conceive of given the simplicity of x2 +h(k). Thus, the two strategies studied above seem to be the only effective algorithms. The computational complexity of a preimage attack is the minimum of two cases. This completes the proof. Let us take a practical example to illustrate the difficulty of inverting the DP hash function (4.10). The hash function h(·) is the 160bit SHA1 algorithm. For several values of input length m, the computational complexity of finding a preimage is shown in Fig. 4.1. Note 91
Object Description
Description
Title  Lightweight multimedia encryption: Algorithms and performance analysis.  Page 101 
Repository email  cisadmin@lib.usc.edu 
Full text  Due to the randomness of z and h(k), the value z − h(k) can be regarded as a uniformly distributed random variable in the interval [ 0, G ]. Hence, the probability that z − h(k) happens to be a square is Prob{ z − h(k) = x2 : x ∈ { 0, 1}m} = { 0, 1}m G = 2m 22m − 2m+1 + 2n (4.11) Let p represent this probability, and t be the number of trials before the first success. Then, the above equation means Prob{t = 1} = p Since successive trials are independent (i.e., the choice of k is random), we have Prob{t = k} = (1 − p)k p Thus, t follows the geometric distribution with probability p. It is a well known result that the expectation of t is E(t) = 1/p = 22m − 2m+1 + 2n 2m Even though we do not exclude possibilities of other strategies or magic algorithms that might give a preimage of a given z, such a algorithm must be extremely hard to conceive of given the simplicity of x2 +h(k). Thus, the two strategies studied above seem to be the only effective algorithms. The computational complexity of a preimage attack is the minimum of two cases. This completes the proof. Let us take a practical example to illustrate the difficulty of inverting the DP hash function (4.10). The hash function h(·) is the 160bit SHA1 algorithm. For several values of input length m, the computational complexity of finding a preimage is shown in Fig. 4.1. Note 91 