<a href="https://colab.research.google.com/github/2002sahapriya/2002sahapriya/blob/main/%5BCO_487%5D_A2_Q5.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Question 5: Hash Collisions
In this problem you will find hash collisions (almost).
Be sure to include your 8-character UW user ID.
Your goal is to construct partial collisions with strings that start with your 8-character UW user
ID. By “partial collision”, I mean two inputs whose hashes start with the same bits, but are not
entirely the same. For example,
```
SHA256(“sejaques0”) = 0x3946348d1c8b9e321e98d63bbfa51890f9ab6432e4e7697b3eb49c52b5b5c195
```
and
```
SHA256(“sejaques00”) = 0x38580e2e0102d592be8c74c727769c38e49f6c471cdb6a1b43482f302d07ce7d
```
collide on the first 4 bits: the first nibble (in hex) is 3, i.e., the first 4 bits are 0011 for both hashes.
Your goal in this question will be to produce larger collisions of hashes that start with your UW ID.

**Do not forget**: In hex, 1 byte is two characters (i.e. “38” is one byte; “3” is only half a byte)

---

**MY UW ID:** `20889604`

---


## (a) Find two such strings that collide only on the first byte.

Solution:
We want to find two different inputs that both start with "20089604" and whose SHA-256 hashes share the same byte (i.e. the same first 8 bits) while the next byte is different.

#### How we might do it:
A brute force search is feasible. For a one-byte collision the chance that two random hashes share the same first byte is 1 in $2^8=256$. We can use a dictionary to store hashes by their first byte and then stop when a collision is found. We repeatedly add a counter to "20889604" and compute the SHA-256 hash. When we find two different candidates that yield the same first byte, we print them.

#### Solution:
```
Input 1: b'2088960412'
Hash 1: ffa7f7eb7a6144934aa95851230ad2c8c4b04151dbe1196ee8380e5166bccaaa
Input 2: b'2088960419'
Hash 2: ff846f32ed4ab1c6e7665cfe376755cdea5b4504fcdd64980e7c6a5397548b73
```

The two strings with hash collision at the first byte are `"2088960412"` and `"2088960419"`

---


In [2]:
import hashlib

prefix = "20889604".encode() # UW ID as bytes
n = 1 # number of bytes to match

seen = {} # maps n-byte hash prefix to candidate input
i = 0

while True:
  # Create a candidate by appending an integer converted to bytes
  candidate = prefix + str(i).encode()
  hash = hashlib.sha256(candidate).digest()
  hash_prefix = hash[:n]

  if hash_prefix in seen:
    # Check if the candidate is different
    if seen[hash_prefix] != candidate:
      print("1-byte collision found!")
      print("Input 1:", seen[hash_prefix])
      print("Hash 1:", hashlib.sha256(seen[hash_prefix]).hexdigest())
      print("Input 2:", candidate)
      print("Hash 2:", hashlib.sha256(candidate).hexdigest())
      break
  else:
    seen[hash_prefix] = candidate

  i += 1

1-byte collision found!
Input 1: b'2088960412'
Hash 1: ffa7f7eb7a6144934aa95851230ad2c8c4b04151dbe1196ee8380e5166bccaaa
Input 2: b'2088960419'
Hash 2: ff846f32ed4ab1c6e7665cfe376755cdea5b4504fcdd64980e7c6a5397548b73


## (b) Find two such strings that collide only on the first 3 bytes.

#### Solution: Now we need two different inputs starting with "20889604" whose SHA-256 hashs are the same for the first **3** bytes (24 bits) and differ in the 4th byte.

#### How we might do it: The approach is similar to part (a) except now we set  `n = 3`. The probability that two random hashes share the first 3 bytes is 1 in $2^{24} \approx 16$ million.

Note: We include a check that the (n+1)th byte (here, the 4th byte) is different, to ensure the collision is “only” on 3 bytes.

```
Input 1: b'208896046966'
Hash 1: 43899ae3395315efa429ce47ccf2aca16c5c0d10c55e4370b18b3e9405042542
Input 2: b'208896048979'
Hash 2: 43899a91510c97795307012c0f88247a2395b0497f32835818daea961aa70ac2
```

---

In [3]:
import hashlib

prefix = "20889604".encode()
n = 3  # match first 3 bytes

seen = {}
i = 0

while True:
    candidate = prefix + str(i).encode()
    h = hashlib.sha256(candidate).digest()
    hash_prefix = h[:n]

    if hash_prefix in seen and seen[hash_prefix] != candidate:
        # Also check that the next byte is different.
        h1 = hashlib.sha256(seen[hash_prefix]).digest()
        h2 = h
        if h1[n] != h2[n]:
            print("3-byte collision found!")
            print("Input 1:", seen[hash_prefix])
            print("Hash 1:", hashlib.sha256(seen[hash_prefix]).hexdigest())
            print("Input 2:", candidate)
            print("Hash 2:", hashlib.sha256(candidate).hexdigest())
            break
    else:
        seen[hash_prefix] = candidate
    i += 1

3-byte collision found!
Input 1: b'208896046966'
Hash 1: 43899ae3395315efa429ce47ccf2aca16c5c0d10c55e4370b18b3e9405042542
Input 2: b'208896048979'
Hash 2: 43899a91510c97795307012c0f88247a2395b0497f32835818daea961aa70ac2


# (c) Fnd two such strings that collide only on the first 6 bytes.

Solution: We need to find two different strings starting with "20889604" whose hashes agree on the first 6 bytes (48 bites) but have a different 7th byte.

How we do it: This is the same as before, but with `n = 6`. The expected number of hashses is about $2^{(8 * 6)/2} = 2^{24}$ due to the birthday paradox.

```
Input 1: b'208896047920393'
Hash 1: 7fffa312623ddc96c0bbd20bfb3b52a2ecb604ad21706e09972180ee01b244c7
Input 2: b'2088960410192960'
Hash 2: 7fffa312623dcdeeb5d1db6d00ecff09df0719f8d383ff7dde9158ca488a5a40
```

In [1]:
import hashlib

prefix = "20889604".encode()
n = 6  # match first 6 bytes

seen = {}
i = 0

while True:
    candidate = prefix + str(i).encode()
    h = hashlib.sha256(candidate).digest()
    hash_prefix = h[:n]

    if hash_prefix in seen and seen[hash_prefix] != candidate:
        h1 = hashlib.sha256(seen[hash_prefix]).digest()
        h2 = h
        if h1[n] != h2[n]:
            print("6-byte collision found!")
            print("Input 1:", seen[hash_prefix])
            print("Hash 1:", hashlib.sha256(seen[hash_prefix]).hexdigest())
            print("Input 2:", candidate)
            print("Hash 2:", hashlib.sha256(candidate).hexdigest())
            break
    else:
        seen[hash_prefix] = candidate
    i += 1

6-byte collision found!
Input 1: b'208896047920393'
Hash 1: 7fffa312623ddc96c0bbd20bfb3b52a2ecb604ad21706e09972180ee01b244c7
Input 2: b'2088960410192960'
Hash 2: 7fffa312623dcdeeb5d1db6d00ecff09df0719f8d383ff7dde9158ca488a5a40


# (d) Find two strings that collide on the first 8 bytes.

Solution: Now we seek a collision on the first 8 bytes (64 bits). However, for longer collisions the search space becomes largers so we have to choose to work with raw bytes in the suffix - for example, generating random bytes rather than only numbers - to speed up the search.

In [None]:
import hashlib
import random
import multiprocessing as mp

PREFIX = b"20889604"  # UW ID
TARGET_BYTES = 8      # We want an 8-byte collision
DIST_BITS = 16        # Distinguished point: lower 16 bits must be zero
DIST_MASK = (1 << DIST_BITS) - 1

def f(x):
    x_bytes = x.to_bytes(8, byteorder='big')
    h = hashlib.sha256(PREFIX + x_bytes).digest()
    return int.from_bytes(h[:TARGET_BYTES], 'big')

def is_distinguished(x):
    return (x & DIST_MASK) == 0

def retrace_collision(seed1, seed2):
    # Re-run both chains until they meet
    x1, x2 = seed1, seed2
    while x1 != x2:
        x1 = f(x1)
        x2 = f(x2)
    return x1

def worker(shared_dist, shared_lock, found, collision_result, process_id):
    random_gen = random.SystemRandom()
    while not found.value:
        seed = random_gen.getrandbits(64)
        x = seed
        chain_length = 0
        while not is_distinguished(x):
            x = f(x)
            chain_length += 1
            if found.value:
                return
        d_point = x  # distinguished point
        key = d_point
        with shared_lock:  # use our explicit lock
            if key in shared_dist:
                old_seed, old_chain_length = shared_dist[key]
                if old_seed != seed:
                    collision_state = retrace_collision(old_seed, seed)
                    msg1 = PREFIX + old_seed.to_bytes(8, 'big')
                    msg2 = PREFIX + seed.to_bytes(8, 'big')
                    h1 = hashlib.sha256(msg1).digest()
                    h2 = hashlib.sha256(msg2).digest()
                    if h1[:TARGET_BYTES] == h2[:TARGET_BYTES] and (len(h1) <= TARGET_BYTES or h1[TARGET_BYTES] != h2[TARGET_BYTES]):
                        collision_result['msg1'] = msg1.hex()
                        collision_result['hash1'] = h1.hex()
                        collision_result['msg2'] = msg2.hex()
                        collision_result['hash2'] = h2.hex()
                        found.value = True
                        print(f"Process {process_id}: Collision found!")
                        return
            else:
                shared_dist[key] = (seed, chain_length)

def main():
    manager = mp.Manager()
    shared_dist = manager.dict()
    collision_result = manager.dict()
    found = manager.Value('i', False)
    # Create an explicit lock.
    shared_lock = manager.Lock()

    num_workers = mp.cpu_count()
    processes = []
    for i in range(num_workers):
        p = mp.Process(target=worker, args=(shared_dist, shared_lock, found, collision_result, i))
        p.start()
        processes.append(p)

    for p in processes:
        p.join()

    if collision_result:
        print("Collision details:")
        print("Input 1 (hex):", collision_result.get('msg1'))
        print("Hash 1:", collision_result.get('hash1'))
        print("Input 2 (hex):", collision_result.get('msg2'))
        print("Hash 2:", collision_result.get('hash2'))
    else:
        print("No collision found.")

if __name__ == "__main__":
    main()
