Cryptography and Communications

, Volume 1, Issue 2, pp 135-173

First online:

A combinatorial analysis of recent attacks on step reduced SHA-2 family

  • Somitra Kumar SanadhyaAffiliated withApplied Statistics Unit, Indian Statistical Institute
  • , Palash SarkarAffiliated withApplied Statistics Unit, Indian Statistical Institute Email author 

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We perform a combinatorial analysis of the SHA-2 compression function. This analysis explains in a unified way the recent attacks against reduced round SHA-2. We start with a general class of local collisions and show that the previously used local collision by Nikolić and Biryukov (NB) and Sanadhya and Sarkar (SS) are special cases. The study also clarifies several advantages of the SS local collision over the NB local collision. Deterministic constructions of up to 22-round SHA-2 collisions are described using the SS local collision and up to 21-round SHA-2 collisions are described using the NB local collision. For 23 and 24-round SHA-2, we describe a general strategy and then apply the SS local collision to this strategy. The resulting attacks are faster than those proposed by Indesteege et al using the NB local collision. We provide colliding message pairs for 22, 23 and 24-round SHA-2. Although these attacks improve upon the existing reduced round SHA-256 attacks, they do not threaten the security of the full SHA-2 family.1


SHA-2 family Reduced round collisions Cryptanalysis

Mathematics Subject Classifications (2000)

94A60 Cryptography