Difference between revisions of "SHA-256/224"

From The ECRYPT Hash Function Website
(Collision Attacks)
(Collision Attacks)
Line 19: Line 19:
  
 
=== Collision Attacks ===
 
=== Collision Attacks ===
 +
 +
<bibtex>
 +
@inproceedings{acispSanadhyaS08,
 +
  author    = {Somitra Kumar Sanadhya and Palash Sarkar},
 +
  title    = {Non-linear Reduced Round Attacks against SHA-2 Hash Family},
 +
  booktitle = {ACISP},
 +
  year      = {2008},
 +
  pages    = {254-266},
 +
  abstract  = {Most of the attacks against (reduced) SHA-2 family in literature have used local collisions which are valid for linearized version of SHA-2 hash functions. Recently, at FSE 2008, an attack against reduced round SHA-256 was presented by Nikolic and Biryukov which used a local collision which is valid for the actual SHA-256 function. It is a 9-step local collision which starts by introducing a modular difference of 1 in the two messages. It succeeds with probability roughly 1/3. We build on the work of Nikolic and Biryukov and provide a generalized nonlinear local collision which accepts an arbitrary initial message difference. This local collision succeeds with probability 1. Using this local collision we present attacks against 18-step SHA-256 and 18-step SHA-512 with arbitrary initial difference. Both of these attacks succeed with probability 1. We then present special cases of our local collision and show two different differential paths for attacking 20-step SHA-256 and 20-step SHA-512. One of these paths is the same as presented by Nikolic and Biryukov while the other one is a new differential path. Messages following both these differential paths can be found with probability 1. This improves on the previous result where the success probability of 20-step attack was 1/3. Finally, we present two differential paths for 21-step collisions for SHA-256 and SHA-512, one of which is a new path. The success probabilities of these paths for SHA-256 are roughly 2-^15 and 2^-17 which improve on the 21-step attack having probability 2^-19 reported earlier. We show examples of message pairs following all the presented differential paths for up to 21-step collisions in SHA-256. We also show first real examples of colliding message pairs for up to 20-step reduced SHA-512. },
 +
  url        = {http://dx.doi.org/10.1007/978-3-540-70500-0_19},
 +
  editor    = {Yi Mu and Willy Susilo and Jennifer Seberry},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {5107},
 +
  isbn      = {978-3-540-69971-2},
 +
}
 +
</bibtex>
  
 
<bibtex>
 
<bibtex>

Revision as of 13:57, 10 November 2008

1 Specification

2 Cryptanalysis

2.1 Best Known Results

Collision attacks up to 21 out of 64 steps. Other non random behavior up to 25 steps. Both results are due to Nicolic and Biryukov.


2.2 Generic Attacks


2.3 Collision Attacks

Somitra Kumar Sanadhya, Palash Sarkar - Non-linear Reduced Round Attacks against SHA-2 Hash Family

ACISP 5107:254-266,2008
http://dx.doi.org/10.1007/978-3-540-70500-0_19
Bibtex
Author : Somitra Kumar Sanadhya, Palash Sarkar
Title : Non-linear Reduced Round Attacks against SHA-2 Hash Family
In : ACISP -
Address :
Date : 2008

Ivica Nikolic, Alex Biryukov - Collisions for Step-Reduced SHA-256

FSE 5086:1-15,2008
http://dx.doi.org/10.1007/978-3-540-71039-4_1
Bibtex
Author : Ivica Nikolic, Alex Biryukov
Title : Collisions for Step-Reduced SHA-256
In : FSE -
Address :
Date : 2008

Somitra Kumar Sanadhya, Palash Sarkar - New Local Collisions for the SHA-2 Hash Family

ICISC 4817:193-205,2007
http://dx.doi.org/10.1007/978-3-540-76788-6_16
Bibtex
Author : Somitra Kumar Sanadhya, Palash Sarkar
Title : New Local Collisions for the SHA-2 Hash Family
In : ICISC -
Address :
Date : 2007

Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Analysis of Step-Reduced SHA-256

FSE 4047:126-143,2006
http://dx.doi.org/10.1007/11799313_9
Bibtex
Author : Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Analysis of Step-Reduced SHA-256
In : FSE -
Address :
Date : 2006

Hirotaka Yoshida, Alex Biryukov - Analysis of a SHA-256 Variant

Selected Areas in Cryptography 3897:245-260,2005
http://dx.doi.org/10.1007/11693383_17
Bibtex
Author : Hirotaka Yoshida, Alex Biryukov
Title : Analysis of a SHA-256 Variant
In : Selected Areas in Cryptography -
Address :
Date : 2005

Henri Gilbert, Helena Handschuh - Security Analysis of SHA-256 and Sisters

Selected Areas in Cryptography 3006:175-193,2003
http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3006{\&}spage=175
Bibtex
Author : Henri Gilbert, Helena Handschuh
Title : Security Analysis of SHA-256 and Sisters
In : Selected Areas in Cryptography -
Address :
Date : 2003



2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others