Preimages for Step-Reduced SHA-2

  • Kazumaro Aoki
  • Jian Guo
  • Krystian Matusiewicz
  • Yu Sasaki
  • Lei Wang
Conference paper

DOI: 10.1007/978-3-642-10366-7_34

Volume 5912 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Aoki K., Guo J., Matusiewicz K., Sasaki Y., Wang L. (2009) Preimages for Step-Reduced SHA-2. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg

Abstract

In this paper, we present preimage attacks on up to 43-step SHA-256 (around 67% of the total 64 steps) and 46-step SHA-512 (around 57.5% of the total 80 steps), which significantly increases the number of attacked steps compared to the best previously published preimage attack working for 24 steps. The time complexities are $2^{251.9}$, $2^{509}$ for finding pseudo-preimages and $2^{254.9}$, $2^{511.5}$ compression function operations for full preimages. The memory requirements are modest, around $2^{6}$ words for 43-step SHA-256 and 46-step SHA-512. The pseudo-preimage attack also applies to 43-step SHA-224 and SHA-384. Our attack is a meet-in-the-middle attack that uses a range of novel techniques to split the function into two independent parts that can be computed separately and then matched in a birthday-style phase.

Keywords

SHA-256, SHA-512, hash, preimage attack, meet-in-the-middle

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Kazumaro Aoki (1)
  • Jian Guo (2)
  • Krystian Matusiewicz (3)
  • Yu Sasaki (1, 4)
  • Lei Wang (4)

  1. NTT Information Sharing Platform Laboratories, NTT Corporation, Tokyo, Japan
  2. Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
  3. Department of Mathematics, Technical University of Denmark, Denmark
  4. University of Electro-Communications, Tokyo, Japan