Efficient collision search attacks on SHA-0
Citations
1,600 citations
426 citations
305 citations
Cites methods from "Efficient collision search attacks ..."
...So as long as one does not want to sacrifice provable security by implementing the TCR function with a dedicated hash function like SHA-x or MD5 (what potentially renders the whole scheme insecure given the recent progress in attacking certain hash functions [38, 39]), one must either resort to inefficient generic constructions of TCR functions [25, 33], or one can use the “hash-free technique” described in [14]....
[...]
286 citations
Cites background from "Efficient collision search attacks ..."
...[20, 22] describe further major improvements....
[...]
...In [20, 22], examples for NL-characteristics are given which connect to a previously selected L-characteristic in the first block....
[...]
239 citations
References
1,600 citations
1,583 citations
"Efficient collision search attacks ..." refers background or methods in this paper
...The advanced modification techniques, however, do not seem to be directly applied to SHA-0 as in the cases of MD4, HAVAL-128 and MD5 etc....
[...]
...For MD5, the conditions are very concentrated in steps 17 and 18, while for SHA-0 the conditions are spread out due to the local collisions....
[...]
...Given the neutral bit techniques [1] which already allow the bypass of the first 22 steps, the modification techniques, as they were used in MD5, are difficult to offer additional improvements over the best existing attacks on SHA-0....
[...]
...In Section 4, we review the “message modification techniques” presented in [11,12,13] to break HAVA-128, MD5, MD4 and RIPEMD, and consider their effectiveness in improving existing attacks on SHA-0....
[...]
...Message modification techniques have been introduced in attacking HAVAL-128, MD5, MD4, RIPEMD [11,12,13] and SHA-0 [15] (not gave the precise description in [15])....
[...]
965 citations
759 citations