Non-linear Reduced Round Attacks against SHA-2 Hash Family
Somitra Kumar Sanadhya, Palash Sarkar +1 more
- pp 254-266
TLDR
This work builds on the work of Nikolic and Biryukov and provides a generalized nonlinear local collision which accepts an arbitrary initial message difference and presents first real examples of colliding message pairs for up to 20-step reduced SHA-512.
Abstract:
Most of the attacks against (reduced) SHA-2 family in literature have used local collisions which are valid for linearized version of SHA-2 hash functions. Recently, at FSE '08, an attack against reduced round SHA-256 was presented by Nikolic and Biryukov which used a local collision which is valid for the actual SHA-256 function. It is a 9-step local collision which starts by introducing a modular difference of 1 in the two messages. It succeeds with probability roughly 1/3. We build on the work of Nikolic and Biryukov and provide a generalized nonlinear local collision which accepts an arbitrary initial message difference. This local collision succeeds with probability 1. Using this local collision we present attacks against 18-step SHA-256 and 18-step SHA-512 with arbitrary initial difference. Both of these attacks succeed with probability 1. We then present special cases of our local collision and show two different differential paths for attacking 20-step SHA-256 and 20-step SHA-512. One of these paths is the same as presented by Nikolic and Biryukov while the other one is a new differential path. Messages following both these differential paths can be found with probability 1. This improves on the previous result where the success probability of 20-step attack was 1/3. Finally, we present two differential paths for 21-step collisions for SHA-256 and SHA-512, one of which is a new path. The success probabilities of these paths for SHA-256 are roughly 2^{-15} and 2^{-17}, which improve on the 21-step attack having probability 2^{-19} reported earlier. We show examples of message pairs following all the presented differential paths for up to 21-step collisions in SHA-256. We also show first real examples of colliding message pairs for up to 20-step reduced SHA-512.
Citations
Journal ArticleDOI
An ultrafast quantum random number generator with provably bounded output bias based on photon arrival time measurements
TL;DR: In this article, the authors report the implementation of a quantum random number generator based on photon arrival times, which is able to generate the highest bitrate of any current generator based with high resolution timing.
Book ChapterDOI
Finding SHA-2 characteristics: searching through a minefield of contradictions
TL;DR: This paper presents the first automated tool for finding complex differential characteristics in SHA-2 and shows that the techniques on SHA-1 cannot directly be applied to SHA-2, and shows how to overcome difficulties by including the search for conforming message pairs in the search for differential characteristics.
Book ChapterDOI
New Collision Attacks against Up to 24-Step SHA-2
TL;DR: In this article, the authors presented new and improved attacks against 22, 23 and 24-step SHA-2 family using a local collision given by Sanadhya and Sarkar (SS) at ACISP '08.
Book ChapterDOI
Collisions and Other Non-random Properties for Step-Reduced SHA-256
TL;DR: In this article, the first collision attacks on SHA-256 were presented in 23 and 24 steps with complexities of 2^{18} and 2^{28.5}, respectively, and a collision attack for up to 22 steps.
Book ChapterDOI
Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2
TL;DR: This paper presents not only the best pseudo collision attacks on SHA-2 family, but also a new insight of relation between a meet-in-the-middle preimage attack and a pseudo collision attack.
References
Book ChapterDOI
Finding collisions in the full SHA-1
TL;DR: This is the first attack on the full 80-step SHA-1 with complexity less than the 2^{80} theoretical bound, and it is shown that collisions of SHA-1 can be found with complexity less than 2^{69} hash operations.
Book ChapterDOI
How to break MD5 and other hash functions
Xiaoyun Wang, Hongbo Yu +1 more
TL;DR: A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.
Book ChapterDOI
Efficient collision search attacks on SHA-0
TL;DR: Using the new techniques, this paper can find collisions of the full 80-step SHA-0 with complexity less than 2^{39} hash operations.
Journal Article
Security analysis of SHA-256 and sisters
Henri Gilbert, Helena Handschuh +1 more
TL;DR: In this article, the security of SHA-256, SHA-384 and SHA-512 against collision attacks was studied. The authors concluded that neither Chabaud and Joux's attack nor Dobbertin-style attacks apply to the underlying structure.
Book ChapterDOI
Differential Collisions in SHA-0
Florent Chabaud, Antoine Joux +1 more
TL;DR: A theoretical attack on the compression function SHA-0 with complexity 2^{61} is obtained, which is thus better than the birthday paradox attack and is strong evidence that the transition to version 1 indeed raised the level of security of SHA.