Introduction
The birthday attack is rooted in a problem from probability theory: an event that seems unlikely to happen in fact has a high probability of happening. This gap between the intuitive and the actual probability increases the probability that a random attack succeeds. Such an attack is called a birthday attack.
The origin of the birthday problem
The birthday problem is also called the birthday paradox, and it is stated as follows.
If n people are randomly selected, what is the probability that two of the n people have the same birthday? If you want the probability to be 100%, you only need to select 367 people, because there are only 366 possible birthdays (including February 29).
If you want the probability to reach 99.9%, 70 people are enough. For a 50% probability, only 23 people are needed.
For kindergarten children today, if a class has almost 30 people, there is a greater than 50% chance that two people in the class have the same birthday.
Does it sound amazing? Isn't the number much smaller than our first impression?
Let's look at a probability map:
In practical applications, the probability model in the birthday problem can be used to reduce the complexity of collision attacks, or to evaluate the probability of collision attacks in a hash function.
How to calculate it?
If P(A) is the probability that two people share a birthday, then P(A) = 1 - P(A'), where P(A') is the probability that all birthdays are different.
For one person, the probability of having a different birthday is 365/365; for two people, the probability of having different birthdays is 365/365 * 364/365, and so on.
Continuing in this way, the probability that 23 people all have different birthdays is about 0.492703.
In other words, the probability that two of 23 people have the same birthday is greater than 50%.
Look at another table for a more intuitive description:
Derivation of the birthday problem
In the birthday problem, the values fall within the 365 days of a year, which means that there are only 365 possibilities for a birthday.
Let's extend this problem to the general case. Suppose there is a function f whose output range is H. The attack is then to find two different inputs x and y such that f(x) = f(y).
When this happens, we say that x and y have collided.
According to the formula of probability theory, if we want to achieve a 50% probability, then the number of attempts is:
If the number of possible results is expressed in bits, we can refer to the following probability table:
Application of birthday attack
Birthday attacks are generally used against digital signatures. Generally speaking, when signing confidential messages, a very large message cannot be signed in full because of the limitations of the encryption. Usually, the hash value of the message is calculated, and then the hash value is signed.
For example, if someone wants to make a fraudulent contract, they will modify the original contract and keep trying until they find a modified contract whose hash is the same as that of the original contract, so that the signature is the same for both.
How to resist this kind of attack? According to the birthday attack formula, the output length of the hash function used in the signature scheme should be chosen large enough to make the birthday attack computationally infeasible.
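The following is an added example, not code from the original article. It reproduces the 23-person figure, applies the same calculation to hash outputs of different bit lengths, and runs a birthday search against SHA-256 truncated to 24 bits to show why a short output is not enough. The function names, the 24-bit truncation and the input strings are assumptions chosen for illustration, and the 50% estimate uses the standard approximation n ≈ sqrt(2 * H * ln 2).

```python
import hashlib
import math


def p_all_distinct(n: int, space: int) -> float:
    """Probability that n uniform samples from `space` values are all different."""
    if n > space:
        return 0.0  # pigeonhole: a repeat is certain
    p = 1.0
    for i in range(n):
        p *= (space - i) / space
    return p


def attempts_for(p_collision: float, space: int) -> int:
    """Standard approximation n ~ sqrt(2 * space * ln(1 / (1 - p)))."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p_collision))))


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short-output hash f."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int):
    """Hash constructed inputs until two distinct inputs share an output."""
    seen = {}  # truncated hash -> first input that produced it
    counter = 0
    while True:
        x = b"constructed-input-%d" % counter
        h = truncated_hash(x, bits)
        if h in seen:
            return seen[h], x, counter + 1
        seen[h] = x
        counter += 1


if __name__ == "__main__":
    print(f"23 people, all distinct: {p_all_distinct(23, 365):.6f}")
    for bits in (16, 24, 64, 128, 256):
        n = attempts_for(0.5, 2 ** bits)
        print(f"{bits:3d}-bit output: ~{n:.3e} attempts for a 50% collision chance")
    x, y, tries = find_collision(24)
    print(f"24-bit collision after {tries} hashes: {x!r} / {y!r}")
```

The search on the 24-bit output finishes after a few thousand hashes rather than millions, while the estimate for a 256-bit output is on the order of 2^128 attempts.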
This article has been included in http://www.flydean.com/birthday-attack/