This attack can find collisions or (second) preimages for certain classes of hash functions. It consists of substituting all blocks of the input except for one or more blocks. This attack often applies to the last block and is then called a correcting-last-block attack, but it can also apply to the first block or to some blocks in the middle. For a preimage attack, one chooses an arbitrary message \(X\) and finds one or more correcting blocks \(Y\) such that \(h(X \| Y)\) takes a certain value (here \(\|\) denotes concatenation). For a second preimage attack on the target message \(X \| Y\), one chooses \(X'\) and searches for one or more correcting blocks \(Y'\) such that \(h(X' \| Y') = h(X \| Y)\) (note that one may select \(X'=X\)). For a collision attack, one chooses two arbitrary messages \(X\) and \(X'\) with \(X' \neq X\); subsequently one searches for one or more correcting blocks denoted by \(Y\) and \(Y'\), such that \(h(X' \| Y') = h(X \| Y)\).
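As an added illustration (not part of the original entry), the Python sketch below carries out the three correcting-last-block cases against a toy iterated hash whose compression function is invertible in the message block, which is the property a sound design must rule out. The hash, the permutation `perm`, the constants and all function names are constructed for this example, and no length padding is applied.

```python
# Toy iterated hash, constructed for illustration only (not a real design):
#   H_i = P(H_{i-1} XOR m_i), with P a public, invertible 64-bit permutation.
MASK = (1 << 64) - 1
A = 0x9E3779B97F4A7C15            # odd, so x -> x*A mod 2^64 is a bijection
A_INV = pow(A, -1, 1 << 64)       # modular inverse (Python 3.8+)
IV = 0x0123456789ABCDEF           # constructed initial value

def perm(x):
    x = (x * A) & MASK
    return x ^ (x >> 32)          # this xorshift is its own inverse on 64 bits

def perm_inv(y):
    y ^= y >> 32
    return (y * A_INV) & MASK

def toy_hash(blocks):
    """Hash a list of 64-bit integer blocks."""
    h = IV
    for m in blocks:
        h = perm(h ^ m)
    return h

def correcting_block(prefix, target):
    """Last block Y with toy_hash(prefix + [Y]) == target.
    Works because perm(H XOR Y) = target can be solved for Y directly."""
    return perm_inv(target) ^ toy_hash(prefix)

def preimage(x, target):
    """h(X || Y) = target for an arbitrary prefix X."""
    return x + [correcting_block(x, target)]

def second_preimage(message, x_prime):
    """h(X' || Y') = h(message) for a chosen prefix X'."""
    return x_prime + [correcting_block(x_prime, toy_hash(message))]

def collision(x, x_prime, target=0):
    """Two messages with distinct prefixes steered to the same hash value."""
    return preimage(x, target), preimage(x_prime, target)

if __name__ == "__main__":
    original = [0x1111, 0x2222, 0x3333]            # constructed sample message
    forged = second_preimage(original, [0xAAAA, 0xBBBB])
    print(hex(toy_hash(original)), hex(toy_hash(forged)))
```

Each attack costs one inverse evaluation of the compression function, independent of the hash length.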
The hash functions based on algebraic...
© 2005 International Federation for Information Processing
Preneel, B. (2005). Correcting-block attack. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_79
DOI: https://doi.org/10.1007/0-387-23483-7_79
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer Science, Reference Module Computer Science and Engineering