Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

  • Kazumaro Aoki
  • Yu Sasaki
Conference paper

DOI: 10.1007/978-3-642-03356-8_5

Volume 5677 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Aoki K., Sasaki Y. (2009) Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1. In: Halevi S. (eds) Advances in Cryptology - CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg


The preimage resistance of several hash functions has already been broken by meet-in-the-middle attacks, which exploit the property that the message schedules of those functions consist only of permutations of message words. It is unclear whether this type of attack is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that consists not of permutations but of linear combinations of message words. The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions. The attacks find preimages of SHA-0 and SHA-1 in $2^{156.6}$ and $2^{159.3}$ compression function computations up to 52 and 48 steps, respectively, compared to the brute-force attack, which requires $2^{160}$ compression function computations. The previous best attacks find preimages up to 49 and 44 steps, respectively.



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Kazumaro Aoki (1)
  • Yu Sasaki (1)
  1. NTT, Tokyo, Japan