Difference between revisions of "SHA-256/224"
From The ECRYPT Hash Function Website
(→Collision Attacks) |
(→Collision Attacks) |
||
| Line 19: | Line 19: | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | <bibtex> | ||
| + | @inproceedings{iciscSanadhyaS07, | ||
| + | author = {Somitra Kumar Sanadhya and Palash Sarkar}, | ||
| + | title = {New Local Collisions for the SHA-2 Hash Family}, | ||
| + | booktitle = {ICISC}, | ||
| + | year = {2007}, | ||
| + | pages = {193-205}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-76788-6_16}, | ||
| + | editor = {Kil-Hyun Nam and Gwangsoo Rhee}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4817}, | ||
| + | isbn = {978-3-540-76787-9}, | ||
| + | abstract = {The starting point for collision attacks on practical hash functions is a local collision. In this paper, we make a systematic study of local collisions for the SHA-2 family. The possible linear approximations of the constituent Boolean functions are considered and certain impossible conditions for such approximations are identified. Based on appropriate approximations, we describe a general method for finding local collisions. Applying this method, we obtain several local collisions and compute the probabilities of the various differential paths. Previously, only one local collision due to Gilbert-Handschuh was known. We point out two impossible conditions in the GH local collision and provide an example of an impossible differential path for linearized SHA-2 using this local collision. Sixteen new local collisions are obtained none of which have any impossible conditions. The probabilities of these local collisions are a little less than the GH local collision. On the other hand, the absence of impossible conditions may make them more suitable for (reduced round) collision search attacks on the SHA-2 family.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
<bibtex> | <bibtex> | ||
@inproceedings{fseMendelPRR06, | @inproceedings{fseMendelPRR06, | ||
Revision as of 15:14, 11 March 2008
Contents
1 Specification
- digest size: 256 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 256-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
Somitra Kumar Sanadhya, Palash Sarkar - New Local Collisions for the SHA-2 Hash Family
- ICISC 4817:193-205,2007
- http://dx.doi.org/10.1007/978-3-540-76788-6_16
BibtexAuthor : Somitra Kumar Sanadhya, Palash Sarkar
Title : New Local Collisions for the SHA-2 Hash Family
In : ICISC -
Address :
Date : 2007
Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Analysis of Step-Reduced SHA-256
- FSE 4047:126-143,2006
- http://dx.doi.org/10.1007/11799313_9
BibtexAuthor : Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Analysis of Step-Reduced SHA-256
In : FSE -
Address :
Date : 2006
Hirotaka Yoshida, Alex Biryukov - Analysis of a SHA-256 Variant
- Selected Areas in Cryptography 3897:245-260,2005
- http://dx.doi.org/10.1007/11693383_17
BibtexAuthor : Hirotaka Yoshida, Alex Biryukov
Title : Analysis of a SHA-256 Variant
In : Selected Areas in Cryptography -
Address :
Date : 2005
Henri Gilbert, Helena Handschuh - Security Analysis of SHA-256 and Sisters
- Selected Areas in Cryptography 3006:175-193,2003
- http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3006{\&}spage=175
BibtexAuthor : Henri Gilbert, Helena Handschuh
Title : Security Analysis of SHA-256 and Sisters
In : Selected Areas in Cryptography -
Address :
Date : 2003
