Collisions on SHA-0 in One Hour
Stéphane Manuel, Thomas Peyrin
- pp 16-35
TLDR
This paper shows that the perturbation vectors used in all previously known attacks are not optimal, provides a new 2-block one, and produces the best collision attack against SHA-0 so far, with a measured complexity of 2^33.6 hash function calls.
Abstract:
At Crypto 2007, Joux and Peyrin showed that the boomerang attack, a classical tool in block cipher cryptanalysis, can also be very useful when analyzing hash functions. They applied their new theoretical results to SHA and provided new improvements for the cryptanalysis of this algorithm. In this paper, we concentrate on the case of SHA-0. First, we show that the previous perturbation vectors used in all known attacks are not optimal and we provide a new 2-block one. The problem of the possible existence of message modifications for this vector is tackled by the utilization of auxiliary differentials from the boomerang attack, relatively simple to use. Finally, we are able to produce the best collision attack against SHA-0 so far, with a measured complexity of 2^33.6 hash function calls. Finding one collision for SHA-0 takes us approximately one hour of computation on an average PC.
Citations
Book Chapter
The first collision for full SHA-1
TL;DR: The SHA-1 hash function standard was deprecated by NIST in 2011 due to fundamental security weaknesses demonstrated in various analyses and theoretical attacks, and was replaced by the SHA-2 standard.
Journal Article
The first collision for full SHA-1.
TL;DR: SHA-1 is a widely used 1995 NIST cryptographic hash function standard that was officially deprecated by NIST in 2011 due to fundamental security weaknesses demonstrated in various analyses and theoretical attacks.
Journal Article
Classification and generation of disturbance vectors for collision attacks against SHA-1
TL;DR: It is shown that all published disturbance vectors can be classified into two types of vectors, type-I and type-II, and a deterministic algorithm is presented which produces efficient disturbance vectors with respect to any given cost function.
Journal Article
Low-Data Complexity Attacks on AES
Charles Bouillaguet, Patrick Derbez, Orr Dunkelman, Pierre-Alain Fouque, Nathan Keller, Vincent Rijmen
TL;DR: This paper presents attacks on up to four rounds of AES that require at most three known/chosen plaintexts, and applies these attacks to cryptanalyze an AES-based stream cipher, and to mount the best known plaintext attack on six-round AES.
References
Journal Article
Near-collisions of SHA-0
Eli Biham, Rafi Chen
TL;DR: In this paper, it was shown that up to 142 of the 160 bits of the output are equal in SHA-0, which is a large improvement to the best previous result of 35 rounds.
Book Chapter
Differential Collisions in SHA-0
Florent Chabaud, Antoine Joux
TL;DR: A theoretical attack on the compression function SHA-0 with complexity 2^61 is obtained, which is thus better than the birthday paradox attack and is strong evidence that the transition to version 1 indeed raised the level of security of SHA.
Journal Article
Collisions of SHA-0 and reduced SHA-1
TL;DR: Improvements to the techniques used to cryptanalyze SHA-0 are described, and improvements that allow us to find collisions of reduced versions of SHA-1 are presented, showing that collisions up to about 53–58 rounds can still be found faster than by birthday attacks.
Formal aspects of mobile code security
TL;DR: The results show that modern theorem provers and BDD-based reasoning tools are effective for reasoning about some of the key problems facing mobile code security today.