Birthday Paradox
What is a Paradox…?
• A paradox is a statement or concept
that contains conflicting ideas.
• For example, consider a situation in which a father and his son
are driving down the road. The car crashes into a tree and the
father is killed. The boy is rushed to the nearest hospital
where he is prepared for emergency surgery. On entering the
surgery suite, the surgeon says, "I can't operate on this boy.
He's my son."
• The paradox is resolved if it is revealed that the surgeon is a
woman — the boy's mother.
©RkskEkanayaka
The Birthday Paradox
• There are n people in a room. What is the probability
that at least two people have the same birthday?
• For n = 2: $P(2) = 1 - \frac{364}{365}$
• For n = 3: $P(3) = 1 - \left(\frac{364}{365} \times \frac{363}{365}\right)$
• For n persons: $P(n) = 1 - \left(\frac{364}{365} \times \frac{363}{365} \times \dots \times \frac{365-(n-1)}{365}\right)$
• With 22 people in a room, there is a better than 50% chance that two
people have a common birthday.
• With 40 people in a room, there is an almost 90% chance that two
people have a common birthday.
The Birthday Paradox…
• If $n \ge \sqrt{365}$, then this probability is
more than half.
• In general, if there are k possibilities,
then on average $\sqrt{k}$ trials are
required to find a collision.
Hash Functions
• A hash function takes a variable-length
message M and produces a
fixed-length message digest.
• If the length of the digest is m bits,
then there are $2^m$ possible
message digests.
• More than one message will be
mapped to the same digest.
Probability of Hash Collisions
• If we apply k random messages to our hash code,
what must the value of k be to have a probability of
0.5 that there is at least one duplicate?
Using the previous equation, we have
$k = \sqrt{2^m} = 2^{m/2}$
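The birthday formula and the $2^{m/2}$ estimate above can be checked numerically. This is an added example, not part of the original slides; the function names are illustrative, and the closed-form approximation $1 - e^{-n(n-1)/(2k)}$ is a standard result that the slides do not state.

```python
import math

def exact_collision_probability(n: int, k: int) -> float:
    """P(n) = 1 - prod_{i=1}^{n-1} (k - i)/k, the slide formula with k for 365."""
    if n > k:
        return 1.0  # pigeonhole: more draws than possible values
    p_distinct = 1.0
    for i in range(1, n):
        p_distinct *= (k - i) / k
    return 1.0 - p_distinct

def approx_collision_probability(n: int, k: int) -> float:
    """1 - exp(-n(n-1)/(2k)); usable when k is far too large to loop over."""
    return -math.expm1(-n * (n - 1) / (2 * k))

def smallest_n(k: int, target: float = 0.5) -> int:
    """Smallest n whose exact collision probability reaches `target`."""
    p_distinct, n = 1.0, 1
    while 1.0 - p_distinct < target:
        p_distinct *= (k - n) / k  # add one more person / message
        n += 1
    return n

def approx_trials(k: int, target: float = 0.5) -> float:
    """Invert the approximation: n ~ sqrt(2 k ln(1 / (1 - target)))."""
    return math.sqrt(2 * k * math.log(1 / (1 - target)))

if __name__ == "__main__":
    for n in (22, 23, 40):
        print(f"k=365, n={n}: P = {exact_collision_probability(n, 365):.4f}")
    print("smallest n with P >= 0.5:", smallest_n(365))
    for m in (64, 128, 256):
        k = 2 ** m
        at_sqrt = approx_collision_probability(2 ** (m // 2), k)
        ratio = approx_trials(k) / 2 ** (m / 2)
        print(f"m={m}: P at 2^(m/2) tries = {at_sqrt:.3f}, "
              f"50% point = {ratio:.3f} * 2^(m/2)")
```

For k = 365 the exact product gives P(22) ≈ 0.476 and P(23) ≈ 0.507, so the 50% point is n = 23. For an m-bit digest, exactly $2^{m/2}$ tries give about a 39% chance of a collision and roughly $1.18 \times 2^{m/2}$ tries give 50%, so $2^{m/2}$ is an order-of-magnitude figure.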
Birthday Attack
• Consider a hash function that takes an arbitrary
message and outputs an n-bit digest.
• There are $2^n$ possible digests.
• Then we need to try an average of $2^{n/2}$
messages to find two with the same digest.
• For a 64-bit digest, this requires $2^{32}$
tries.
• For a 128-bit digest, this requires $2^{64}$ (~$10^{19}$)
tries. (That is computationally infeasible.)
Birthday Attack…
• A is prepared to “sign” a message by appending
the appropriate m-bit hash code and encrypting
that hash code with A’s private key.
• An attacker generates $2^{m/2}$ variations on the
message, all of which have the same meaning.
The attacker prepares an equal number of
messages, all of which are variations of the
fraudulent message to be substituted for the real
one.
Birthday Attack…
• The two sets of messages are compared to find a pair of
messages that produce the same hash code. The probability of
success is greater than 0.5. If no match is found, additional
valid and fraudulent messages are generated until a match is
made.
• The attacker offers the valid variation to A for signature. This
signature can then be attached to the fraudulent variation for
transmission to the intended recipient. Because the two
variations have the same hash code, they will produce the
same signature; the attacker is assured of success even
though the encryption key is not known.
How to avoid birthday attack
• To avoid this attack, the output length of
the hash function used for a signature
scheme can be chosen large enough so
that the birthday attack becomes
computationally infeasible.
• i.e. about twice as many bits as are
needed to prevent an ordinary brute-force
attack.
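The two-set comparison described in the slides above, run against SHA-256 truncated to a few bits so that the square-root cost and the effect of a longer digest are both visible. This is an added example, not part of the original deck; the sample messages, the whitespace-based variation scheme and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample messages (not from the slides).
VALID = "I agree to pay Bob 10 dollars."
FRAUD = "I agree to pay Bob 10000 dollars."

def truncated_digest(message: str, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short m-bit hash code."""
    full = int.from_bytes(hashlib.sha256(message.encode()).digest(), "big")
    return full >> (256 - bits)

def variation(base: str, i: int, width: int = 24) -> str:
    """i-th same-meaning variant: bit j of i selects a trailing space or tab."""
    return base + "".join(" \t"[(i >> j) & 1] for j in range(width))

def find_cross_collision(valid: str, fraud: str, bits: int, limit: int = 1 << 20):
    """Grow both sets in step until a valid/fraudulent pair shares a digest.

    Returns (valid_variant, fraud_variant, hashes_computed).
    """
    seen_valid, seen_fraud = {}, {}
    for i in range(limit):
        v, f = variation(valid, i), variation(fraud, i)
        dv, df = truncated_digest(v, bits), truncated_digest(f, bits)
        seen_valid.setdefault(dv, v)
        seen_fraud.setdefault(df, f)
        if dv in seen_fraud:  # new valid variant matches a stored fraudulent one
            return v, seen_fraud[dv], 2 * (i + 1)
        if df in seen_valid:  # new fraudulent variant matches a stored valid one
            return seen_valid[df], f, 2 * (i + 1)
    raise RuntimeError("no collision within limit")

def effort_table(sizes=(16, 20, 24)):
    """(digest bits, hashes actually computed, 2**(bits/2)) per digest size."""
    return [(b, find_cross_collision(VALID, FRAUD, b)[2], 2 ** (b // 2))
            for b in sizes]

if __name__ == "__main__":
    for bits, hashes, bound in effort_table():
        print(f"{bits}-bit digest: {hashes} hashes computed, 2^(m/2) = {bound}")
    v, f, _ = find_cross_collision(VALID, FRAUD, 24)
    # The 24-bit codes match, so a signature over one covers the other;
    # the full 256-bit digests of the same two messages still differ.
    print(hex(truncated_digest(v, 24)), hex(truncated_digest(f, 24)))
    print(hashlib.sha256(v.encode()).hexdigest()[:16],
          hashlib.sha256(f.encode()).hexdigest()[:16])
```

Every 4 bits added to the digest multiplies the search by about 4, so at the full 256-bit output the same loop would need on the order of $2^{128}$ hashes, which is the margin the slide on avoiding the attack asks for.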
