Designs, Codes and Cryptography

, Volume 59, Issue 1, pp 247-263

First online:

Classification and generation of disturbance vectors for collision attacks against SHA-1

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


The main contribution of this paper is to provide a classification of disturbance vectors used in differential collision attacks against \({\tt{SHA}-1}\) . We show that all published disturbance vectors can be classified into two types of vectors, type-I and type-II. We present a deterministic algorithm which produce efficient disturbance vectors with respect to any given cost function. We define two simple cost functions to evaluate the efficiency of a candidate disturbance vector. Using our algorithm and those cost function we retrieved all previously known vectors and found that the most efficient disturbance vector is the one first reported as Codeword2 by Jutla and Patthak, A matching lower bound on the minimum weight of SHA-1 expansion code. Cryptology ePrint Archive, Report 2005/266, (2005). We also present a statistical evaluation of local collisions’ holding probabilities and show that the common assumption of local collision independence is flawed.


Hash functions \({\tt{SHA}-1}\) Collision attack Disturbance vector Local collisions independence

Mathematics Subject Classification (2000)