Designs, Codes and Cryptography

, Volume 59, Issue 1, pp 247–263

Classification and generation of disturbance vectors for collision attacks against SHA-1


DOI: 10.1007/s10623-010-9458-9

Cite this article as:
Manuel, S. Des. Codes Cryptogr. (2011) 59: 247. doi:10.1007/s10623-010-9458-9


The main contribution of this paper is to provide a classification of disturbance vectors used in differential collision attacks against \({\tt{SHA}-1}\) . We show that all published disturbance vectors can be classified into two types of vectors, type-I and type-II. We present a deterministic algorithm which produce efficient disturbance vectors with respect to any given cost function. We define two simple cost functions to evaluate the efficiency of a candidate disturbance vector. Using our algorithm and those cost function we retrieved all previously known vectors and found that the most efficient disturbance vector is the one first reported as Codeword2 by Jutla and Patthak, A matching lower bound on the minimum weight of SHA-1 expansion code. Cryptology ePrint Archive, Report 2005/266, (2005). We also present a statistical evaluation of local collisions’ holding probabilities and show that the common assumption of local collision independence is flawed.


Hash functions \({\tt{SHA}-1}\) Collision attack Disturbance vector Local collisions independence 

Mathematics Subject Classification (2000)


Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.CRI Paris-RocquencourtLe Chesnay CedexFrance

Personalised recommendations