Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.

Related-key rectangle attack on the full SHACAL-1

Abstract: SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of the evaluation. In this paper we devise the first known attack on the full 80-round SHACAL-1 faster than exhaustive key search. The related-key differentials used in the attack are based on transformation of the collision-producing differentials of SHA-1 presented by Wang et al.

Collision attacks on the reduced dual-stream hash function RIPEMD-128

Abstract: In this paper, we analyze the security of RIPEMD-128 against collision attacks. The ISO/IEC standard RIPEMD-128 was proposed 15 years ago and may be used as a drop-in replacement for 128-bit hash functions like MD5. Only few results have been published for RIPEMD-128, the best being a preimage attack for the first 33 steps of the hash function with complexity 2124.5. In this work, we provide a new assessment of the security margin of RIPEMD-128 by showing attacks on up to 48 (out of 64) steps of the hash function. We present a collision attack reduced to 38 steps and a near-collisions attack for 44 steps, both with practical complexity. Furthermore, we show non-random properties for 48 steps of the RIPEMD-128 hash function, and provide an example for a collision on the compression function for 48 steps. For all attacks we use complex nonlinear differential characteristics. Due to the more complicated dual-stream structure of RIPEMD-128 compared to its predecessor, finding high-probability characteristics as well as conforming message pairs is nontrivial. Doing any of these steps by hand is almost impossible or at least, very time consuming. We present a general strategy to analyze dual-stream hash functions and use an automatic search tool for the two main steps of the attack. Our tool is able to find differential characteristics and perform advanced message modification simultaneously in the two streams.

Branching Heuristics in Differential Collision Search with Applications to SHA-512

Abstract: In this work, we present practical semi-free-start collisions for SHA-512 on up to 38 (out of 80) steps with complexity \(2^{40.5}\). The best previously published result was on 24 steps. The attack is based on extending local collisions as proposed by Mendel et al. in their Eurocrypt 2013 attack on SHA-256. However, for SHA-512, the search space is too large for direct application of these techniques. We achieve our result by improving the branching heuristic of the guess-and-determine approach to find differential characteristics and conforming message pairs. Experiments show that for smaller problems like 27 steps of SHA-512, the heuristic can also speed up the collision search by a factor of \(2^{20}\).

An Efficient Collision Power Attack on AES Encryption in Edge Computing

Abstract: Edge computing has become a promising paradigm for the context-aware and delay-sensitive IoT data analytics. For the sake of security, some cryptographic algorithms such as AES, RSA, and so on, are employed for the encryption communication and authentication. The collision power attack is a typical physical attack to recover the secret key of the AES algorithm. However, almost all collision attacks aim at the detection of internal collisions caused by the output of S-boxes, and the linear layers are not concerned with those protected implementations. The relation between the mask and the masked data has been given little attention and stays as is, where the leakages still exist. In this paper, we focus on three typical AES implementations in edge computing, and propose a new type of collision attack by making use of leakages from linear layers, which is capable of breaking masking schemes with uniformly distributed random masks. In addition, a novel scalable collision attack of general applicability and high-efficiency is proposed and applied to masked linear layers and masked S-boxes. It can reach an equal level of performance compared to the second-order power analysis with acceptable off-line search, which improves the known collision attacks significantly.