Difference between revisions of "SHA-1"
Crechberger (talk | contribs) |
(→Preimage Attacks) |
||
(One intermediate revision by one other user not shown) | |||
Line 71: | Line 71: | ||
} | } | ||
</bibtex> | </bibtex> | ||
− | + | <bibtex> | |
+ | @inproceedings{cryptoWangYY05a, | ||
+ | author = {Xiaoyun Wang and Yiqun Lisa Yin and Hongbo Yu}, | ||
+ | title = {Finding Collisions in the Full SHA-1}, | ||
+ | booktitle = {CRYPTO}, | ||
+ | year = {2005}, | ||
+ | pages = {17-36}, | ||
+ | url = {http://dx.doi.org/10.1007/11535218_2}, | ||
+ | editor = {Victor Shoup}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {3621}, | ||
+ | isbn = {3-540-28114-2}, | ||
+ | } | ||
+ | </bibtex> | ||
<bibtex> | <bibtex> | ||
@inproceedings{eurocryptBihamCJCLJ05, | @inproceedings{eurocryptBihamCJCLJ05, | ||
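Review bot: the added cryptoWangYY05a entry has no abstract field, while the cryptoCanniereR08 entry added under Preimage Attacks in this same revision does. The page's Best Known Results paragraph attributes the collision complexity on full SHA-1 to this paper, so add the abstract (or a note field) here so that the figure can be traced from the entry itself.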
Line 105: | Line 119: | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
− | + | ||
+ | <bibtex> | ||
+ | @inproceedings{cryptoCanniereR08, | ||
+ | author = {Christophe De Canni{\`e}re and Christian Rechberger}, | ||
+ | title = {Preimages for Reduced SHA-0 and SHA-1}, | ||
+ | booktitle = {CRYPTO}, | ||
+ | year = {2008}, | ||
+ | pages = {179-202}, | ||
+ | abstract = {In this paper, we examine the resistance of the popular hash function SHA-1 and its predecessor SHA-0 against dedicated preimage attacks. In order to assess the security margin of these hash functions against these attacks, two new cryptanalytic techniques are developed: (1) Reversing the inversion problem: the idea is to start with an impossible expanded message that would lead to the required digest, and then to correct this message until it becomes valid without destroying the preimage property. (2) P^3 graphs: an algorithm based on the theory of random graphs that allows the conversion of preimage attacks on the compression function to attacks on the hash function with less effort than traditional meet-in-the-middle approaches. Combining these techniques, we obtain preimage-style shortcuts attacks for up to 45 steps of SHA-1, and up to 50 steps of SHA-0 (out of 80). }, | ||
+ | url = {http://dx.doi.org/10.1007/978-3-540-85174-5_11}, | ||
+ | editor = {David Wagner}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {5157}, | ||
+ | isbn = {978-3-540-85173-8}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
---- | ---- | ||
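Review bot: the author field of cryptoCanniereR08 writes the accent as the BibTeX escape Canni{\`e}re; check that the wiki's bibtex extension renders it as è in the generated reference list, and use the literal character in the entry if the escape is passed through unchanged. The abstract line also reads "preimage-style shortcuts attacks", which should be compared with the published abstract before it is stored.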
Latest revision as of 11:34, 10 November 2008
1 Specification
- digest size: 160 bits
- max. message length: < 2^64 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full SHA-1 was published by Wang et al. It has a complexity of 2^69 hash evaluations. The best collision example, a 70-step collision for SHA-1, was published by De Cannière, Mendel and Rechberger.
2.2 Collision Attacks
Christophe De Cannière, Florian Mendel, Christian Rechberger - Collisions for 70-Step SHA-1: On the Full Cost of Collision Search
- Selected Areas in Cryptography 4876:56-73,2007
- http://dx.doi.org/10.1007/978-3-540-77360-3_4
Makoto Sugita, Mitsuru Kawazoe, Ludovic Perret, Hideki Imai - Algebraic Cryptanalysis of 58-Round SHA-1
- FSE 4593:349-365,2007
- http://dx.doi.org/10.1007/978-3-540-74619-5_22
Christophe De Cannière, Christian Rechberger - Finding SHA-1 Characteristics: General Results and Applications
- ASIACRYPT 4284:1-20,2006
- http://dx.doi.org/10.1007/11935230_1
Xiaoyun Wang, Yiqun Lisa Yin, Hongbo Yu - Finding Collisions in the Full SHA-1
- CRYPTO 3621:17-36,2005
- http://dx.doi.org/10.1007/11535218_2
Eli Biham, Rafi Chen, Antoine Joux, Patrick Carribault, Christophe Lemuet, William Jalby - Collisions of SHA-0 and Reduced SHA-1
- EUROCRYPT 3494:36-57,2005
- http://dx.doi.org/10.1007/11426639_3
Vincent Rijmen, Elisabeth Oswald - Update on SHA-1
- CT-RSA 3376:58-71,2005
- http://dx.doi.org/10.1007/b105222
2.3 Preimage Attacks
Christophe De Cannière, Christian Rechberger - Preimages for Reduced SHA-0 and SHA-1
- CRYPTO 5157:179-202,2008
- http://dx.doi.org/10.1007/978-3-540-85174-5_11
2.4 Others
Antoine Joux, Thomas Peyrin - Hash Functions and the (Amplified) Boomerang Attack
- CRYPTO 4622:244-263,2007
- http://dx.doi.org/10.1007/978-3-540-74143-5_14
Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - The Impact of Carries on the Complexity of Collision Attacks on SHA-1
- FSE 4047:278-292,2006
- http://dx.doi.org/10.1007/11799313_18
Charanjit S. Jutla, Anindya C. Patthak - Provably Good Codes for Hash Function Design
- Selected Areas in Cryptography 4356:376-393,2006
- http://dx.doi.org/10.1007/978-3-540-74462-7_26
Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Impact of Rotations in SHA-1 and Related Hash Functions
- Selected Areas in Cryptography 3897:261-275,2005
- http://dx.doi.org/10.1007/11693383_18
Akashi Satoh - Hardware Architecture and Cost Estimates for Breaking SHA-1
- ISC 3650:259-273,2005
- http://dx.doi.org/10.1007/11556992_19