Collision attacks are a major concern in the realm of cryptography.
Under certain circumstances, they can be used by an attacker to undermine the security provided by digital signatures, allowing them to make data appear fraudulent as if its integrity and authenticity have been verified.
This means collision attacks can bypass the security mechanisms we rely on to keep our online world safe.
But before you can understand what a collision attack is, you first need to understand what a collision is.
To do that, we need to take a step further back and get you up to speed with hashing.
What is a Hash Collision and What Are They Used For?
A collision is when things don’t go as planned, and two separate inputs result in the same hash value. As we’ve said, this isn’t supposed to happen, and it can be incredibly troublesome if it does.
When collisions are practical, they allow attackers to completely undermine the integrity and authentication aspects of digital signatures.
This can lead to all sorts of problems, including fraud and allowing attackers to break through existing security systems.
I’ll let you in on a little secret: It’s impossible to design a hash function to completely avoid collisions.
This is due to the pigeonhole principle. In the context of hashing, it states that if there are more inputs than possible hashes, then some inputs must result in the same hashes.
So, a collision attack is simply when an attacker finds one of these collisions and uses it to undermine the security that the hash was supposed to provide.
What is Collision Attacks Used For? (Hash Collision Examples)
Here are some common examples of collision attacks:
Freestart collision attacks
Free-start collision attacks are possible on hash functions that are based on the Merkle-Damgard construct. This means that MD5, SHA-1, and SHA-2 are vulnerable, but not SHA-3, which is designed with a sponge structure.
A free start collision is different because it involves allowing an attacker to choose their initialization vectors. This allows them to reduce the security of the hash function.
Why would someone do that? Researchers do it in the lab because it allows them to play around with hash functions and gives them a better understanding of their weaknesses.
Classic Collision Attack
In a classic collision attack, the goal is to find two different messages that result in the same hash.
Thus, a classic collision attack involves an attacker finding two messages where message x is not equal to message y, but the hash of x is equal to the hash of y.
Chosen-Prefix Collision Attacks
They are significantly more challenging, but in the circumstances where they are possible, they pose a much greater threat than classic collision attacks.
In contrast to the classic collision attacks we described above, a chosen prefix collision involves additional restrictions.
Rather than just being able to find possible collisions, the attacker must be able to find collisions involving two pre-specified prefixes.
Preimage attacks are related to collision attacks but involve trying to find messages that result in specific hashes.
A preimage attack involves taking a given hash and then discovering the initial input that produced it.
How to Prevent Collision Attacks
There isn’t much the average user can do to protect against crashes, other than basic things like updating to the latest versions to make sure they’re not running old, vulnerable software.
Developers must ensure that they only use cryptographic hash algorithms that are safe for their purpose. For things like digital signatures, they should use algorithms like SHA-2 or SHA-3 to ensure that the signatures can be trusted for integrity and authentication.
Other than that, developers should check every few years to keep up with the security status of the algorithms they use. If the attacks against the hashing algorithm they implement become more severe, then they must begin the process of change.