50

From Wikipedia:

Second pre-image resistance

Given an input $m_1$ it should be difficult to find another input $m_2$ such that $m_1$ ≠ $m_2$ and $\operatorname{hash}(m_1) = \operatorname{hash}(m_2)$. Functions that lack this property are vulnerable to second-preimage attacks.

Collision resistance

It should be difficult to find two different messages $m_1$ and $m_2$ such that $\operatorname{hash}(m_1) = \operatorname{hash}(m_2)$. Such a pair is called a cryptographic hash collision.

Could someone explain the difference between these two please? They very much appear to be identical to me, as in both definitions $m_1 \neq m_2$ and $\operatorname{hash}(m_1) = \operatorname{hash}(m_2)$.

yyyyyyy
  • 12,261
  • 4
  • 48
  • 68
ritch
  • 603
  • 1
  • 5
  • 6

2 Answers2

80

The difference is in the choice of $m_1$.

  • In the first case (second preimage resistance), the attacker is handed a fixed $m_1$ to which he has to find a different $m_2$ with equal hash. In particular, he can't choose $m_1$.
  • In the second case (collision resistance), the attacker can freely choose both messages $m_1$ and $m_2$, with the only requirement that they are different (and hash to the same value).

(From this, it is also obvious that collision resistance implies second preimage resistance: An attacker can just choose an arbitrary $m_1$ and compute a second preimage $m_2$ to obtain a collision.)

yyyyyyy
  • 12,261
  • 4
  • 48
  • 68
0

I believe it can be simplified a little -

The First preimage resistance is basically a non reversibility.

If you try to look in that light -

About Second preimage resistance- it is collision while reversing, that is looking from backward and a collision of messages.

M1 >> Digest >> M2 (where M1≠M2, but obtained from the same digest)

Now about Collision resistance- it is collision of the hash values from the different messages.

M1 >> Digest << M2 (where M1≠M2, but gave the same digest)

Hope it helped.

Neail
  • 1