Difference between revisions of "SHA-256/224"
From The ECRYPT Hash Function Website
(→Collision Attacks) |
KMatusiewicz (talk | contribs) (added ref to collision attacks from SAC 2008) |
||
| Line 19: | Line 19: | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | <bibtex> | ||
| + | @INPROCEEDINGS{sacIndesteegeMPC08, | ||
| + | author = {Sebastiaan Indesteege and Florian Mendel and Bart Preneel and Christian | ||
| + | Rechberger}, | ||
| + | title = {Collisions and other Non-Random Properties for Step-Reduced SHA-256}, | ||
| + | booktitle = {Selected Areas in Cryptography -- SAC 2008}, | ||
| + | year = {2008}, | ||
| + | volume = {5381}, | ||
| + | series = {LNCS}, | ||
| + | pages = {276-293}, | ||
| + | publisher = {Springer}, | ||
| + | abstract = {We study the security of step-reduced but otherwise unmodified SHA-256. | ||
| + | We show the first collision attacks on SHA-256 reduced to 23 and | ||
| + | 24 steps with complexities $2^{18}$ and $2^{28.5}$, respectively. | ||
| + | We give example colliding message pairs for 23-step and 24-step SHA-256. | ||
| + | The best previous, recently obtained result was a collision attack | ||
| + | for up to 22 steps. We extend our attacks to 23 and 24-step reduced | ||
| + | SHA-512 with respective complexities of 2^{44.9} and 2^{53.0}. Additionally, | ||
| + | we show non-random behaviour of the SHA-256 compression function | ||
| + | in the form of free-start near-collisions for up to 31 steps, which | ||
| + | is 6 more steps than the recently obtained non-random behaviour in | ||
| + | the form of a semi-free-start near-collision. Even though this represents | ||
| + | a step forwards in terms of cryptanalytic techniques, the results | ||
| + | do not threaten the security of applications using SHA-256.}, | ||
| + | doi = {10.1007/978-3-642-04159-4_18}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-642-04159-4_18}, | ||
| + | } | ||
| + | |||
| + | </bibtex> | ||
<bibtex> | <bibtex> | ||
Revision as of 09:59, 18 September 2009
Contents
1 Specification
- digest size: 256 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 256-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
Collision attacks up to 21 out of 64 steps. Other non random behavior up to 25 steps. Both results are due to Nicolic and Biryukov.
2.2 Generic Attacks
2.3 Collision Attacks
Sebastiaan Indesteege, Florian Mendel, Bart Preneel, Christian
Rechberger - Collisions and other Non-Random Properties for Step-Reduced SHA-256
- Selected Areas in Cryptography -- SAC 2008 5381:276-293,2008
- http://dx.doi.org/10.1007/978-3-642-04159-4_18
BibtexAuthor : Sebastiaan Indesteege, Florian Mendel, Bart Preneel, Christian Rechberger
Title : Collisions and other Non-Random Properties for Step-Reduced SHA-256
In : Selected Areas in Cryptography -- SAC 2008 -
Address :
Date : 2008
Somitra Kumar Sanadhya, Palash Sarkar - Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family
- ISC 5222:244-259,2008
- http://dx.doi.org/10.1007/978-3-540-85886-7_17
BibtexAuthor : Somitra Kumar Sanadhya, Palash Sarkar
Title : Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family
In : ISC -
Address :
Date : 2008
Somitra Kumar Sanadhya, Palash Sarkar - Non-linear Reduced Round Attacks against SHA-2 Hash Family
- ACISP 5107:254-266,2008
- http://dx.doi.org/10.1007/978-3-540-70500-0_19
BibtexAuthor : Somitra Kumar Sanadhya, Palash Sarkar
Title : Non-linear Reduced Round Attacks against SHA-2 Hash Family
In : ACISP -
Address :
Date : 2008
Ivica Nikolic, Alex Biryukov - Collisions for Step-Reduced SHA-256
- FSE 5086:1-15,2008
- http://dx.doi.org/10.1007/978-3-540-71039-4_1
BibtexAuthor : Ivica Nikolic, Alex Biryukov
Title : Collisions for Step-Reduced SHA-256
In : FSE -
Address :
Date : 2008
Somitra Kumar Sanadhya, Palash Sarkar - New Local Collisions for the SHA-2 Hash Family
- ICISC 4817:193-205,2007
- http://dx.doi.org/10.1007/978-3-540-76788-6_16
BibtexAuthor : Somitra Kumar Sanadhya, Palash Sarkar
Title : New Local Collisions for the SHA-2 Hash Family
In : ICISC -
Address :
Date : 2007
Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Analysis of Step-Reduced SHA-256
- FSE 4047:126-143,2006
- http://dx.doi.org/10.1007/11799313_9
BibtexAuthor : Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Analysis of Step-Reduced SHA-256
In : FSE -
Address :
Date : 2006
Hirotaka Yoshida, Alex Biryukov - Analysis of a SHA-256 Variant
- Selected Areas in Cryptography 3897:245-260,2005
- http://dx.doi.org/10.1007/11693383_17
BibtexAuthor : Hirotaka Yoshida, Alex Biryukov
Title : Analysis of a SHA-256 Variant
In : Selected Areas in Cryptography -
Address :
Date : 2005
Henri Gilbert, Helena Handschuh - Security Analysis of SHA-256 and Sisters
- Selected Areas in Cryptography 3006:175-193,2003
- http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3006{\&}spage=175
BibtexAuthor : Henri Gilbert, Helena Handschuh
Title : Security Analysis of SHA-256 and Sisters
In : Selected Areas in Cryptography -
Address :
Date : 2003
