Lightweight multimedia encryption: Algorithms and performance analysis.  Page 104 
Save page Remove page  Previous  104 of 126  Next 

small (250x250 max)
medium (500x500 max)
Large (1000x1000 max)
Extra Large
large ( > 500x500)
Full Resolution
All (PDF)

This page
All

squared numbers. A wiser attack exploiting this fact goes as follows. We can choose two random keys k1 6= k2, compute h(k2) − h(k1) (or h(k1) − h(k2) if h(k1) > h(k2)) and check whether it happens to be the difference between the two squared numbers. The attack complexity is equal to the total number of trials before a hit is met. Since h(·) is an nbit hash function, the maximal value of h(k2) − h(k1) is 2n − 1. Due to the randomness of k1 and k2, the value h(k2) − h(k1) can be regarded as a uniformly distributed random variable in interval [ 0, 2n −1 ]. Let d be the number of distinct values of x21 − x22 , where x1, x2 ∈ { 0, 1}m and x21 − x22 ≤ 2n − 1. The probability that h(k2) − h(k1) happens to be the difference between two squared numbers is Prob{ h(k2) − h(k1) = x21 − x22 : x1, x2 ∈ { 0, 1}m} = d 2n − 1 . (4.12) Let p represent this probability, and t be the number of trials before the first success. Again, along the same line of reasoning in the proof of Lemma 8, t follows the geometric distribution with probability p and the expectation of t is E(t) = 1/p = 2n − 1 d . The two strategies studied above seem to be the only effective algorithms given the simplicity of the construction x2 + h(k). The computational complexity of a collision attack is the minimum of two cases. This completes the proof. Although we are not able to compute the accurate value of d at this time, we have the following rough estimate. Consider the mbit number x with m < n/2. The maximal value of x2 is (2m − 1)2 < 2n. Hence, any x1, x2 will satisfy x21 − x22 ≤ 2n − 1. The number of possible values of x21 − x22 is approximately equal to d = ¡2m 2 ¢ ≈ 22m−1. Note that there are 94
Object Description
Description
Title  Lightweight multimedia encryption: Algorithms and performance analysis.  Page 104 
Repository email  cisadmin@lib.usc.edu 
Full text  squared numbers. A wiser attack exploiting this fact goes as follows. We can choose two random keys k1 6= k2, compute h(k2) − h(k1) (or h(k1) − h(k2) if h(k1) > h(k2)) and check whether it happens to be the difference between the two squared numbers. The attack complexity is equal to the total number of trials before a hit is met. Since h(·) is an nbit hash function, the maximal value of h(k2) − h(k1) is 2n − 1. Due to the randomness of k1 and k2, the value h(k2) − h(k1) can be regarded as a uniformly distributed random variable in interval [ 0, 2n −1 ]. Let d be the number of distinct values of x21 − x22 , where x1, x2 ∈ { 0, 1}m and x21 − x22 ≤ 2n − 1. The probability that h(k2) − h(k1) happens to be the difference between two squared numbers is Prob{ h(k2) − h(k1) = x21 − x22 : x1, x2 ∈ { 0, 1}m} = d 2n − 1 . (4.12) Let p represent this probability, and t be the number of trials before the first success. Again, along the same line of reasoning in the proof of Lemma 8, t follows the geometric distribution with probability p and the expectation of t is E(t) = 1/p = 2n − 1 d . The two strategies studied above seem to be the only effective algorithms given the simplicity of the construction x2 + h(k). The computational complexity of a collision attack is the minimum of two cases. This completes the proof. Although we are not able to compute the accurate value of d at this time, we have the following rough estimate. Consider the mbit number x with m < n/2. The maximal value of x2 is (2m − 1)2 < 2n. Hence, any x1, x2 will satisfy x21 − x22 ≤ 2n − 1. The number of possible values of x21 − x22 is approximately equal to d = ¡2m 2 ¢ ≈ 22m−1. Note that there are 94 