New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis

  • Marc Stevens
Conference paper

DOI: 10.1007/978-3-642-38348-9_15

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)
Cite this paper as:
Stevens M. (2013) New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg


The main contributions of this paper are two-fold.

Firstly, we present a novel direction in the cryptanalysis of the cryptographic hash function SHA-1. Our work builds on previous cryptanalytic efforts on SHA-1 based on combinations of local collisions. Due to dependencies, previous approaches used heuristic corrections when combining the success probabilities and message conditions of the individual local collisions. Although this leads to success probabilities that are seemingly sufficient for feasible collision attacks, this approach most often does not lead to the maximum success probability possible as desired. We introduce novel techniques that enable us to determine the theoretical maximum success probability for a given set of (dependent) local collisions, as well as the smallest set of message conditions that attains this probability. We apply our new techniques and present an implemented open-source near-collision attack on SHA-1 with a complexity equivalent to 257.5 SHA-1 compressions.

Secondly, we present an identical-prefix collision attack and a chosen-prefix collision attack on SHA-1 with complexities equivalent to approximately 261 and 277.1 SHA-1 compressions, respectively.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Marc Stevens
    • 1
  1. 1.CWIAmsterdamThe Netherlands

Personalised recommendations