Designs, Codes and Cryptography, Volume 59, Issue 1–3, pp 247–263

Classification and generation of disturbance vectors for collision attacks against SHA-1

Article

Abstract

The main contribution of this paper is to provide a classification of disturbance vectors used in differential collision attacks against SHA-1. We show that all published disturbance vectors can be classified into two types of vectors, type-I and type-II. We present a deterministic algorithm which produces efficient disturbance vectors with respect to any given cost function. We define two simple cost functions to evaluate the efficiency of a candidate disturbance vector. Using our algorithm and those cost functions, we retrieved all previously known vectors and found that the most efficient disturbance vector is the one first reported as Codeword2 by Jutla and Patthak (A matching lower bound on the minimum weight of SHA-1 expansion code. Cryptology ePrint Archive, Report 2005/266, 2005). We also present a statistical evaluation of local collisions’ holding probabilities and show that the common assumption of local collision independence is flawed.

Keywords

Hash functions, SHA-1, Collision attack, Disturbance vector, Local collisions independence

Mathematics Subject Classification (2000)

94A60 


References

  1. Biham E., Chen R.: Near-collisions of SHA-0. In: Franklin M.K. (ed.) Advances in Cryptology—CRYPTO 2004, vol. 3152 of Lecture Notes in Computer Science, pp. 290–305. Springer-Verlag, Berlin (2004).
  2. Biham E., Chen R., Joux A., Carribault P., Lemuet C., Jalby W.: Collisions of SHA-0 and reduced SHA-1. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005, vol. 3494 of Lecture Notes in Computer Science, pp. 36–57. Springer-Verlag, Berlin (2005).
  3. Chabaud F., Joux A.: Differential collisions in SHA-0. In: Krawczyk H. (ed.) Advances in Cryptology—CRYPTO 1998, vol. 1462 of Lecture Notes in Computer Science, pp. 56–71. Springer-Verlag, Berlin (1998).
  4. De Cannière C., Rechberger C.: Finding SHA-1 characteristics: General results and applications. In: Lai X., Chen K. (eds.) Advances in Cryptology—ASIACRYPT 2006, vol. 4284 of Lecture Notes in Computer Science, pp. 1–20. Springer-Verlag, Berlin (2006).
  5. De Cannière C., Mendel F., Rechberger C.: Collisions for 70-step SHA-1: on the full cost of collision search. In: Adams C., Miri A., Wiener M. (eds.) Selected Areas in Cryptography—SAC 2007, vol. 4876 of Lecture Notes in Computer Science, pp. 56–73. Springer-Verlag, Berlin (2007).
  6. Joux A., Peyrin T.: Hash functions and the (amplified) boomerang attack. In: Menezes A. (ed.) Advances in Cryptology—CRYPTO 2007, vol. 4622 of Lecture Notes in Computer Science, pp. 244–263. Springer-Verlag, Berlin (2007).
  7. Jutla C.S., Patthak A.C.: A matching lower bound on the minimum weight of SHA-1 expansion code. Cryptology ePrint Archive, Report 2005/266. http://eprint.iacr.org (2005).
  8. Manuel S.: Classification and generation of disturbance vectors for collision attacks against SHA-1. Cryptology ePrint Archive, Report 2008/469. http://eprint.iacr.org (2008).
  9. Manuel S., Peyrin T.: Collisions on SHA-0 in one hour. In: Nyberg K. (ed.) Fast Software Encryption—FSE 2008, vol. 5086 of Lecture Notes in Computer Science, pp. 16–35. Springer-Verlag, Berlin (2008).
  10. Matusiewicz K., Pieprzyk J.: Finding good differential patterns for attacks on SHA-1. In: Proceedings of International Workshop on Coding and Cryptography—WCC 2005, vol. 3969 of Lecture Notes in Computer Science, pp. 164–177. Springer-Verlag, Berlin (2005).
  11. Mendel F., Pramstaller N., Rechberger C., Rijmen V.: The impact of carries on the complexity of collision attacks on SHA-1. In: Robshaw M.J.B. (ed.) Fast Software Encryption—FSE 2006, vol. 4047 of Lecture Notes in Computer Science, pp. 278–292. Springer-Verlag, Berlin (2006).
  12. Naito Y., Sasaki Y., Shimoyama T., Yajima J., Kunihiro N., Ohta K.: Improved collision search for SHA-0. In: Lai X., Chen K. (eds.) Advances in Cryptology—ASIACRYPT 2006, vol. 4284 of Lecture Notes in Computer Science, pp. 21–36. Springer-Verlag, Berlin (2006).
  13. National Institute of Standards and Technology. FIPS 180: Secure Hash Standard, May. http://csrc.nist.gov (1993).
  14. National Institute of Standards and Technology. FIPS 180-1: Secure Hash Standard, April. http://csrc.nist.gov (1995).
  15. Peyrin T.: Analyse de fonctions de hachage cryptographiques. Ph.D. Thesis in Cryptology (2008).
  16. Pramstaller N., Rechberger C., Rijmen V.: Exploiting coding theory for collision attacks on SHA-1. In: Smart N.P. (ed.) Cryptography and Coding 2005, vol. 3796 of Lecture Notes in Computer Science, pp. 78–95. Springer-Verlag, Berlin (2005).
  17. Rechberger C., Rijmen V.: On authentication with HMAC and non-random properties. In: Dietrich S., Dhamija R. (eds.) Financial Cryptography 2007, vol. 4886 of Lecture Notes in Computer Science, pp. 119–133. Springer-Verlag, Berlin (2007).
  18. Rechberger C., Rijmen V.: New results on NMAC/HMAC when instantiated with popular hash functions. In: Mu Y. (ed.) Special Issue on Cryptography in Computer System Security, vol. 14, No. 2 of J. Univers. Comput. Sci., Journal of Univers. Comput. Sci. (2008).
  19. Rijmen V., Oswald E.: Update on SHA-1. In: Menezes A.J. (ed.) The Cryptographers’ Track at the RSA Conference—CT-RSA 2005, vol. 3376 of Lecture Notes in Computer Science, pp. 58–71. Springer-Verlag, Berlin (2005).
  20. Sugita M., Kawazoe M., Perret L., Imai H.: Algebraic cryptanalysis of 58-round SHA-1. In: Biryukov A. (ed.) Fast Software Encryption—FSE 2007, vol. 4593 of Lecture Notes in Computer Science, pp. 349–365. Springer-Verlag, Berlin (2007).
  21. Wang X., Yu H., Yin Y.L.: Efficient collision search attacks on SHA-0. In: Shoup V. (ed.) Advances in Cryptology—CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science, pp. 1–16. Springer-Verlag, Berlin (2005).
  22. Wang X., Yin Y.L., Yu H.: Finding collisions in the full SHA-1. In: Shoup V. (ed.) Advances in Cryptology—CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science, pp. 17–36. Springer-Verlag, Berlin (2005).
  23. Wang X., Yin Y.L., Yu H.: New collision search for SHA-1. In: Proceedings of NIST Cryptographic Hash Workshop. http://csrc.nist.gov (2005).
  24. Yajima J., Iwasaki T., Naito Y., Sasaki Y., Shimoyama T., Kunihiro N., Ohta K.: A strict evaluation method on the number of conditions for the SHA-1 collision search. In: Proceedings of the ASIACCS 2008, 18–20 March, Tokyo, Japan (2008).

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. CRI Paris-Rocquencourt, Le Chesnay Cedex, France
