Difference between revisions of "SHA-0"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
(→Preimage Attacks) |
||
(3 intermediate revisions by 3 users not shown) | |||
Line 19: | Line 19: | ||
=== Collision Attacks === | === Collision Attacks === | ||
+ | |||
+ | <bibtex> | ||
+ | @inproceedings{fseManuelP08, | ||
+ | author = {St{\'e}phane Manuel and Thomas Peyrin}, | ||
+ | title = {Collisions on SHA-0 in One Hour}, | ||
+ | booktitle = {FSE}, | ||
+ | year = {2008}, | ||
+ | pages = {16-35}, | ||
+ | abstract = {At Crypto 2007, Joux and Peyrin showed that the boomerang attack, a classical tool in block cipher cryptanalysis, can also be very useful when analyzing hash functions. They applied their new theoretical results to SHA and provided new improvements for the cryptanalysis of this algorithm. In this paper, we concentrate on the case of SHA-0. First, we show that the previous perturbation vectors used in all known attacks are not optimal and we provide a new 2-block one. The problem of the possible existence of message modifications for this vector is tackled by the utilization of auxiliary differentials from the boomerang attack, relatively simple to use. Finally, we are able to produce the best collision attack against SHA-0 so far, with a measured complexity of 2^33,6 hash function calls. Finding one collision for SHA-0 takes us approximatively one hour of computation on an average PC.}, | ||
+ | url = {http://dx.doi.org/10.1007/978-3-540-71039-4_2}, | ||
+ | editor = {Kaisa Nyberg}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {5086}, | ||
+ | isbn = {978-3-540-71038-7}, | ||
+ | } | ||
+ | </bibtex> | ||
<bibtex> | <bibtex> | ||
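Review bot: The abstract in the added fseManuelP08 entry states the measured complexity as "2^33,6" with a decimal comma, which is easy to misread next to the comma-separated prose around it. Write it as 2^{33.6} so the exponent is unambiguous. The author field in the same entry relies on the escape St{\'e}phane, so it is worth confirming that the bibtex extension turns it into an accented character instead of printing the escape.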
Line 36: | Line 53: | ||
} | } | ||
</bibtex> | </bibtex> | ||
− | + | <bibtex> | |
+ | @inproceedings{cryptoWangYY05, | ||
+ | author = {Xiaoyun Wang and Hongbo Yu and Yiqun Lisa Yin}, | ||
+ | title = {Efficient Collision Search Attacks on SHA-0}, | ||
+ | booktitle = {CRYPTO}, | ||
+ | year = {2005}, | ||
+ | pages = {1-16}, | ||
+ | url = {http://dx.doi.org/10.1007/11535218_1}, | ||
+ | editor = {Victor Shoup}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {3621}, | ||
+ | isbn = {3-540-28114-2}, | ||
+ | } | ||
+ | </bibtex> | ||
<bibtex> | <bibtex> | ||
@inproceedings{eurocryptBihamCJCLJ05, | @inproceedings{eurocryptBihamCJCLJ05, | ||
Line 51: | Line 82: | ||
isbn = {3-540-25910-4}, | isbn = {3-540-25910-4}, | ||
url = {http://dx.doi.org/10.1007/11426639_3}, | url = {http://dx.doi.org/10.1007/11426639_3}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | <bibtex> | ||
+ | @inproceedings{cryptoBihamC04, | ||
+ | author = {Eli Biham and Rafi Chen}, | ||
+ | title = {Near-Collisions of SHA-0}, | ||
+ | booktitle = {CRYPTO}, | ||
+ | year = {2004}, | ||
+ | pages = {290-305}, | ||
+ | url = {http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3152{\&}spage=290}, | ||
+ | editor = {Matthew K. Franklin}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {3152}, | ||
+ | isbn = {3-540-22668-0}, | ||
+ | editor = {Matthew K. Franklin}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {3152}, | ||
+ | isbn = {3-540-22668-0}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | <bibtex> | ||
+ | @inproceedings{cryptoChabaudJ98, | ||
+ | author = {Florent Chabaud and Antoine Joux}, | ||
+ | title = {Differential Collisions in SHA-0}, | ||
+ | booktitle = {CRYPTO}, | ||
+ | year = {1998}, | ||
+ | pages = {56-71}, | ||
+ | url = {http://link.springer.de/link/service/series/0558/bibs/1462/14620056.htm}, | ||
+ | editor = {Hugo Krawczyk}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {1462}, | ||
+ | isbn = {3-540-64892-5}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
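Review bot: In the added cryptoBihamC04 entry the fields editor, publisher, series, volume and isbn each appear twice with identical values. Drop the second copy, since the repeats add nothing and some BibTeX tools warn on duplicate fields. The url in that entry also embeds {\&} escapes inside the query string, so the link only resolves if the renderer unescapes them. A plain & or a dx.doi.org link, as the other added entries use, would be more robust.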
Line 62: | Line 128: | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
+ | <bibtex> | ||
+ | @inproceedings{cryptoCanniereR08, | ||
+ | author = {Christophe De Canni{\`e}re and Christian Rechberger}, | ||
+ | title = {Preimages for Reduced SHA-0 and SHA-1}, | ||
+ | booktitle = {CRYPTO}, | ||
+ | year = {2008}, | ||
+ | pages = {179-202}, | ||
+ | abstract = {In this paper, we examine the resistance of the popular hash function SHA-1 and its predecessor SHA-0 against dedicated preimage attacks. In order to assess the security margin of these hash functions against these attacks, two new cryptanalytic techniques are developed: (1) Reversing the inversion problem: the idea is to start with an impossible expanded message that would lead to the required digest, and then to correct this message until it becomes valid without destroying the preimage property. (2) P^3 graphs: an algorithm based on the theory of random graphs that allows the conversion of preimage attacks on the compression function to attacks on the hash function with less effort than traditional meet-in-the-middle approaches. Combining these techniques, we obtain preimage-style shortcuts attacks for up to 45 steps of SHA-1, and up to 50 steps of SHA-0 (out of 80). }, | ||
+ | url = {http://dx.doi.org/10.1007/978-3-540-85174-5_11}, | ||
+ | editor = {David Wagner}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {5157}, | ||
+ | isbn = {978-3-540-85173-8}, | ||
+ | } | ||
+ | </bibtex> | ||
---- | ---- | ||
=== Others === | === Others === |
Latest revision as of 11:35, 10 November 2008
1 Specification
- digest size: 160 bits
- max. message length: < 2^64 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
Stéphane Manuel, Thomas Peyrin - Collisions on SHA-0 in One Hour
- FSE 5086:16-35,2008
- http://dx.doi.org/10.1007/978-3-540-71039-4_2
Yusuke Naito, Yu Sasaki, Takeshi Shimoyama, Jun Yajima, Noboru Kunihiro, Kazuo Ohta - Improved Collision Search for SHA-0
- ASIACRYPT 4284:21-36,2006
- http://dx.doi.org/10.1007/11935230_2
Xiaoyun Wang, Hongbo Yu, Yiqun Lisa Yin - Efficient Collision Search Attacks on SHA-0
- CRYPTO 3621:1-16,2005
- http://dx.doi.org/10.1007/11535218_1
Eli Biham, Rafi Chen, Antoine Joux, Patrick Carribault, Christophe Lemuet, William Jalby - Collisions of SHA-0 and Reduced SHA-1
- EUROCRYPT 3494:36-57,2005
- http://dx.doi.org/10.1007/11426639_3
Eli Biham, Rafi Chen - Near-Collisions of SHA-0
- CRYPTO 3152:290-305,2004
- http://springerlink.metapress.com/openurl.asp?genre=article&issn=0302-9743&volume=3152&spage=290
Florent Chabaud, Antoine Joux - Differential Collisions in SHA-0
- CRYPTO 1462:56-71,1998
- http://link.springer.de/link/service/series/0558/bibs/1462/14620056.htm
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Christophe De Cannière, Christian Rechberger - Preimages for Reduced SHA-0 and SHA-1
- CRYPTO 5157:179-202,2008
- http://dx.doi.org/10.1007/978-3-540-85174-5_11