Collisions and Other Non-random Properties for Step-Reduced SHA-256
Sebastiaan Indesteege,Florian Mendel,Bart Preneel,Christian Rechberger +3 more
- pp 276-293
Reads0
Chats0
TLDR
In this article, the first collision attacks on SHA-256 were presented in 23 and 24 steps with complexities of 218 and 228.5, respectively, and a collision attack for up to 22 steps.Abstract:
We study the security of step-reduced but otherwise unmodified SHA-256. We show the first collision attacks on SHA-256 reduced to 23 and 24 steps with complexities 218 and 228.5, respectively. We give example colliding message pairs for 23-step and 24-step SHA-256. The best previous, recently obtained result was a collision attack for up to 22 steps. We extend our attacks to 23 and 24-step reduced SHA-512 with respective complexities of 244.9 and 253.0. Additionally, we show non-random behaviour of the SHA-256 compression function in the form of free-start near-collisions for up to 31 steps, which is 6 more steps than the recently obtained non-random behaviour in the form of a semi-free-start near-collision. Even though this represents a step forwards in terms of cryptanalytic techniques, the results do not threaten the security of applications using SHA-256.read more
Citations
More filters
Book ChapterDOI
Bicliques for preimages: attacks on skein-512 and the SHA-2 family
TL;DR: The concept of biclique as a tool for preimage attacks was introduced in this paper, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions.
Book ChapterDOI
Preimages for Step-Reduced SHA-2
TL;DR: In this article, a meet-in-the-middle preimage attack was proposed for SHA-256 and SHA-512 compression functions, which uses a range of novel techniques to split the function into two independent parts and then match them in a birthday-style phase.
Book ChapterDOI
Finding SHA-2 characteristics: searching through a minefield of contradictions
TL;DR: This paper presents the first automated tool for finding complex differential characteristics in SHA-2 and shows that the techniques on SHA-1 cannot directly be applied toSHA-2, and shows how to overcome difficulties by including the search for conforming message pairs in thesearch for differential characteristics.
Book ChapterDOI
Improving Local Collisions: New Attacks on Reduced SHA-256
TL;DR: In this paper, the authors focus on the construction of semi-free-start collisions for SHA-256, and show how to turn them into collisions using a two-block approach.
Book ChapterDOI
New Collision Attacks against Up to 24-Step SHA-2
TL;DR: In this article, the authors presented new and improved attacks against 22, 23 and 24-step SHA-2 family using a local collision given by Sanadhya and Sarkar (SS) at ACISP '08.
References
More filters
Book ChapterDOI
Hash functions based on block ciphers
Xucjia Lai,James L. Massey +1 more
TL;DR: A principle is formalized for evaluating the strength of hash round functions, viz., that applying computationally simple invertible transformations to the input and output of a hashround function yields a new hash round function with the same security.
Journal Article
Security analysis of SHA-256 and sisters
Henri Gilbert,Helena Handschuh +1 more
TL;DR: In this article, the security of SHA-256, SHA-384 and SHA-512 against collision attacks was studied. But the authors concluded that neither Chabaud and Joux's attack, nor Dobbertin-style attacks also don't apply on the underlying structure.
Book ChapterDOI
Differential Collisions in SHA-0
Florent Chabaud,Antoine Joux +1 more
TL;DR: A theoretical attack on the compression function SHA-O with complexity 2 61 is obtained, which is thus better than the birthday paradox attack and is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.
Journal Article
Efficient algorithms for computing differential properties of addition
Helger Lipmaa,Shiho Moriai +1 more
TL;DR: In this paper, the authors systematically studied the differential properties of addition modulo 2 and presented log-time algorithms for most of the properties, including the differential probability of addition, for finding good differentials.
Journal Article
Analysis of step-reduced SHA-256
TL;DR: In this paper, the authors analyzed the security of SHA-256 against fast collision search and showed that the low probability of a single local collision may give rise to a false sense of security.