Difference between revisions of "SHA-384"

From The ECRYPT Hash Function Website
 
(Collision Attacks)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
== Specification ==
 
== Specification ==
  
<!--
+
* digest size: 384 bits
* digest size: 160 bits
+
* max. message length: < 2<sup>128</sup> bits
* max. message length: < 2<sup>64</sup> bits
+
* compression function: 1024-bit message block, 512-bit chaining variable
* compression function: 512-bit message block, 160-bit chaining variable
+
* [http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf  Specification: FIPS 180-2 Secure Hash Standard]
* Specification:  
 
-->
 
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
Line 21: Line 19:
  
 
=== Collision Attacks ===
 
=== Collision Attacks ===
 +
 +
<bibtex>
 +
@inproceedings{sacryptGilbertH03,
 +
  author    = {Henri Gilbert and Helena Handschuh},
 +
  title    = {Security Analysis of SHA-256 and Sisters},
 +
  booktitle = {Selected Areas in Cryptography},
 +
  year      = {2003},
 +
  pages    = {175-193},
 +
  url        = {http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3006{\&}spage=175},
 +
  editor    = {Mitsuru Matsui and Robert J. Zuccherato},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {3006},
 +
  isbn      = {3-540-21370-8},
 +
  abstract  = {This paper studies the security of SHA-256, SHA-384 and SHA-512 against collision attacks and provides some insight into the security properties of the basic building blocks of the structure. It is concluded that neither Chabaud and Joux's attack, nor Dobbertin-style attacks apply. Differential and linear attacks also don't apply on the underlying structure. However we show that slightly simplified versions of the hash functions are surprisingly weak: whenever symmetric constants and initialization values are used throughout the computations, and modular additions are replaced by exclusive or operations, symmetric messages hash to symmetric digests. Therefore the complexity of collision search on these modified hash functions potentially becomes as low as one wishes.},
 +
}
 +
</bibtex>
 +
  
 
----
 
----

Latest revision as of 07:58, 11 March 2008

1 Specification

2 Cryptanalysis

2.1 Best Known Results


2.2 Generic Attacks


2.3 Collision Attacks

Henri Gilbert, Helena Handschuh - Security Analysis of SHA-256 and Sisters

Selected Areas in Cryptography 3006:175-193,2003
http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3006{\&}spage=175
Bibtex
Author : Henri Gilbert, Helena Handschuh
Title : Security Analysis of SHA-256 and Sisters
In : Selected Areas in Cryptography -
Address :
Date : 2003



2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others