Difference between revisions of "SHA-256/224"
Older revision: KMatusiewicz (talk | contribs) (→Best Known Results)
Newer revision: KMatusiewicz (talk | contribs) (→Preimage Attacks)

=== Preimage Attacks ===
Added in this revision:
<bibtex>
@INPROCEEDINGS{fseIsobeS09,
  author = {Takanori Isobe and Kyoji Shibutani},
  title = {Preimage Attacks on Reduced Tiger and SHA-2},
  booktitle = {Fast Software Encryption -- FSE 2009},
  year = {2009},
  editor = {Dunkelman, Orr},
  volume = {5665},
  series = {LNCS},
  pages = {139-155},
  publisher = {Springer},
  url = {http://dx.doi.org/10.1007/978-3-642-03317-9},
  abstract = {This paper shows new preimage attacks on reduced Tiger and SHA-2.
  Indesteege and Preneel presented a preimage attack on Tiger reduced
  to 13 rounds (out of 24) with a complexity of 2^{128.5}. Our new
  preimage attack finds a one-block preimage of Tiger reduced to 16
  rounds with a complexity of 2^{161}. The proposed attack is based
  on meet-in-the-middle attacks. It seems difficult to find “independent
  words” of Tiger at first glance, since its key schedule function
  is much more complicated than that of MD4 or MD5. However, we developed
  techniques to find independent words efficiently by controlling its
  internal variables. Surprisingly, the similar techniques can be applied
  to SHA-2 including both SHA-256 and SHA-512. We present a one-block
  preimage attack on SHA-256 and SHA-512 reduced to 24 (out of 64 and
  80) steps with a complexity of 2^{240} and 2^{480}, respectively.
  To the best of our knowledge, our attack is the best known preimage
  attack on reduced-round Tiger and our preimage attack on reduced-step
  SHA-512 is the first result. Furthermore, our preimage attacks can
  also be extended to second preimage attacks directly, because our
  attacks can obtain random preimages from an arbitrary IV and an arbitrary
  target.},
}
</bibtex>
----
=== Others ===
Revision as of 10:07, 18 September 2009
1 Specification
- digest size: 256 bits
- max. message length: < 2^64 bits
- compression function: 512-bit message block, 256-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
Collision attacks are known for up to 24 out of 64 steps, and other non-random behaviour for up to 31 steps. Both results are due to Indesteege et al. (SAC 2008).
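As an added example (not from this wiki page or from any of the cited papers), the compact Python SHA-256 below makes the specification parameters concrete: 512-bit message blocks, a 256-bit chaining value, the 64-bit length field behind the < 2^64-bit message limit, and 64 steps per compression, with the full-step output cross-checked against `hashlib`. The `steps` parameter is this example's own addition: setting it below 64 produces the step-reduced variants that results such as "24 out of 64 steps" are stated against.

```python
import hashlib
import struct
# Round constants and initial chaining value per FIPS 180-2 (Secure Hash Standard).
K = [int(x, 16) for x in """
428a2f98 71374491 b5c0fbcf e9b5dba5 3956c25b 59f111f1 923f82a4 ab1c5ed5
d807aa98 12835b01 243185be 550c7dc3 72be5d74 80deb1fe 9bdc06a7 c19bf174
e49b69c1 efbe4786 0fc19dc6 240ca1cc 2de92c6f 4a7484aa 5cb0a9dc 76f988da
983e5152 a831c66d b00327c8 bf597fc7 c6e00bf3 d5a79147 06ca6351 14292967
27b70a85 2e1b2138 4d2c6dfc 53380d13 650a7354 766a0abb 81c2c92e 92722c85
a2bfe8a1 a81a664b c24b8b70 c76c51a3 d192e819 d6990624 f40e3585 106aa070
19a4c116 1e376c08 2748774c 34b0bcb5 391c0cb3 4ed8aa4a 5b9cca4f 682e6ff3
748f82ee 78a5636f 84c87814 8cc70208 90befffa a4506ceb bef9a3f7 c67178f2
""".split()]
IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
MASK = 0xffffffff

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def compress(h, block, steps):
    """One compression: 256-bit chaining value h, 512-bit block, `steps` rounds."""
    w = list(struct.unpack(">16L", block))           # 16 message words
    for t in range(16, 64):                          # expand to 64 words
        s0 = rotr(w[t-15], 7) ^ rotr(w[t-15], 18) ^ (w[t-15] >> 3)
        s1 = rotr(w[t-2], 17) ^ rotr(w[t-2], 19) ^ (w[t-2] >> 10)
        w.append((w[t-16] + s0 + w[t-7] + s1) & MASK)
    a, b, c, d, e, f, g, hh = h
    for t in range(steps):                           # steps=64 is full SHA-256
        t1 = (hh + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[t] + w[t]) & MASK
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, hh = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e, f, g, hh))]  # feed-forward

def sha256(msg: bytes, steps: int = 64) -> str:
    """Merkle-Damgard iteration over 64-byte blocks; steps < 64 gives a step-reduced variant."""
    bitlen = len(msg) * 8
    if bitlen >= 2**64:                              # the length field is 64 bits wide
        raise ValueError("message must be shorter than 2^64 bits")
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", bitlen)
    h = IV
    for i in range(0, len(padded), 64):
        h = compress(h, padded[i:i + 64], steps)
    return "".join(f"{x:08x}" for x in h)

def matches_hashlib(msg: bytes) -> bool:
    """Cross-check the full 64-step function against the standard library."""
    return sha256(msg) == hashlib.sha256(msg).hexdigest()
```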
2.2 Generic Attacks
2.3 Collision Attacks
Sebastiaan Indesteege, Florian Mendel, Bart Preneel, Christian Rechberger - Collisions and other Non-Random Properties for Step-Reduced SHA-256
- Selected Areas in Cryptography -- SAC 2008 5381:276-293, 2008
- http://dx.doi.org/10.1007/978-3-642-04159-4_18
Somitra Kumar Sanadhya, Palash Sarkar - Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family
- ISC 5222:244-259, 2008
- http://dx.doi.org/10.1007/978-3-540-85886-7_17
Somitra Kumar Sanadhya, Palash Sarkar - Non-linear Reduced Round Attacks against SHA-2 Hash Family
- ACISP 5107:254-266, 2008
- http://dx.doi.org/10.1007/978-3-540-70500-0_19
Ivica Nikolic, Alex Biryukov - Collisions for Step-Reduced SHA-256
- FSE 5086:1-15, 2008
- http://dx.doi.org/10.1007/978-3-540-71039-4_1
Somitra Kumar Sanadhya, Palash Sarkar - New Local Collisions for the SHA-2 Hash Family
- ICISC 4817:193-205, 2007
- http://dx.doi.org/10.1007/978-3-540-76788-6_16
Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Analysis of Step-Reduced SHA-256
- FSE 4047:126-143, 2006
- http://dx.doi.org/10.1007/11799313_9
Hirotaka Yoshida, Alex Biryukov - Analysis of a SHA-256 Variant
- Selected Areas in Cryptography 3897:245-260, 2005
- http://dx.doi.org/10.1007/11693383_17
Henri Gilbert, Helena Handschuh - Security Analysis of SHA-256 and Sisters
- Selected Areas in Cryptography 3006:175-193, 2003
- http://springerlink.metapress.com/openurl.asp?genre=article&issn=0302-9743&volume=3006&spage=175
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Takanori Isobe, Kyoji Shibutani - Preimage Attacks on Reduced Tiger and SHA-2
- Fast Software Encryption -- FSE 2009 5665:139-155, 2009
- http://dx.doi.org/10.1007/978-3-642-03317-9