# Bank of Russia to assess Bitcoin holdings volumes as \$36B leave banks

The Bank of Russia remains skeptical on crypto despite the Russian president viewing it as a potential unit of account.

Complexity if there are more than one collision

Let $$h: {0,1}^*$$$${0,1}^l$$ be a hash function. We define a k-collision as a set of k distinct messages in which $$h(m_1)=h(m_2)=…=h(m_k)$$

There is an attack running in time $$O(2^l)$$ which evaluates $$h$$ on $$2^l + 1$$ distinct inputs, by the pigeonhole principle, two of the outputs must be equal.
A better way is using birthday attack and $$O(2^{l/2})$$. How can we use this to find a complexity for multi-collision of $$h$$ that is a random oracle model? Another question that we can think of is what happens if k is some power of 2 in a Merkle-Damgård construction?
The Merkle-Damgård transform based on the textbook is as follows:

Let $$(Gen, h)$$ be a fixed-length hash function for inputs of length $$2 n$$ and with output length $$n$$. Construct hash function $$(Gen, H)$$ as follows:

• $$Gen$$: remains unchanged.
• $$H$$ : on input a key $$s$$ and a string $$x in{0,1}^{*}$$ of length $$L<2^{n}$$, do the following:
1. Set $$B:=leftlceilfrac{L}{n}rightrceil$$ (i.e., the number of blocks in $$x$$ ). Pad $$x$$ with zeros so its length is a multiple of $$n$$. Parse the padded result as the sequence of $$n$$-bit blocks $$x_{1}, ldots, x_{B}$$. Set $$x_{B+1}:=L$$, where $$L$$ is encoded as an $$n$$-bit string.
2. Set $$z_{0}:=0^{n}$$. (This is also called the $$I V$$.)
3. For $$i=1, ldots, B+1$$, compute $$z_{i}:=h^{s}left(z_{i-1} | x_{i}right)$$.
4. Output $$z_{B+1}$$.

#### Bank of Russia to assess Bitcoin holdings volumes as \$36B leave banks

Shopping cart
There are no products in the cart!
Continue shopping
0