Cryptography and Communications, Volume 1, Issue 2, pp 135–173

A combinatorial analysis of recent attacks on step reduced SHA-2 family


Abstract

We perform a combinatorial analysis of the SHA-2 compression function. This analysis explains in a unified way the recent attacks against reduced round SHA-2. We start with a general class of local collisions and show that the previously used local collisions by Nikolić and Biryukov (NB) and Sanadhya and Sarkar (SS) are special cases. The study also clarifies several advantages of the SS local collision over the NB local collision. Deterministic constructions of up to 22-round SHA-2 collisions are described using the SS local collision and up to 21-round SHA-2 collisions are described using the NB local collision. For 23 and 24-round SHA-2, we describe a general strategy and then apply the SS local collision to this strategy. The resulting attacks are faster than those proposed by Indesteege et al. using the NB local collision. We provide colliding message pairs for 22, 23 and 24-round SHA-2. Although these attacks improve upon the existing reduced round SHA-256 attacks, they do not threaten the security of the full SHA-2 family.

Keywords

SHA-2 family; Reduced round collisions; Cryptanalysis

Mathematics Subject Classifications (2000)

94A60 Cryptography 

References

  1. Biham, E., Chen, R.: Near-collisions of SHA-0. In: Matthew Franklin, K. (ed.) Advances in Cryptology—CRYPTO 2004, 24th Annual International Cryptology Conference, Santa Barbara, California, USA, 15–19 August 2004, Proceedings. Lecture Notes in Computer Science, vol. 3152, pp. 290–305. Springer, New York (2004)
  2. Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) Advances in Cryptology—CRYPTO 1998, 18th Annual International Cryptology Conference, Santa Barbara, California, USA, 23–27 August 1998, Proceedings. Lecture Notes in Computer Science, vol. 1462, pp. 56–71. Springer, New York (1998)
  3. Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) Advances in Cryptology—CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, 20–24 August 1989, Proceedings. Lecture Notes in Computer Science, vol. 435, pp. 416–427. Springer, New York (1990)
  4. Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 1039, pp. 53–69. Springer, New York (1996)
  5. Dobbertin, H.: Cryptanalysis of MD4. J. Cryptol. 11(4), 253–271 (1998)
  6. Gilbert, H., Handschuh, H.: Security analysis of SHA-256 and sisters. In: Matsui, M., Robert Zuccherato, J. (eds.) Selected Areas in Cryptography, 10th Annual International Workshop, SAC 2003, Ottawa, Canada, 14–15 August 2003, Revised Papers. Lecture Notes in Computer Science, vol. 3006, pp. 175–193. Springer, New York (2003)
  7. Indesteege, S., Mendel, F., Preneel, B., Rechberger, C.: Collisions and other non-random properties for step-reduced SHA-256. In: Selected Areas in Cryptography, 15th Annual International Workshop, SAC 2008, Revised Papers, Sackville, 14–15 August 2008
  8. Indesteege, S., Mendel, F., Preneel, B., Rechberger, C.: Collisions and other non-random properties for step-reduced SHA-256. Cryptology ePrint Archive, April 2008. http://eprint.iacr.org/cgi-bin/versions.pl?entry=2008/131 (there are 7 versions dated 25 Mar, 27 Mar, 01 Apr, 08 Apr (2 versions), 14 Jul, 15 Jul) (2008)
  9. Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute. Cryptology ePrint Archive, Report 2006/105 (2006). http://eprint.iacr.org/
  10. Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of step-reduced SHA-256. In: Matthew Robshaw, J.B. (ed.) Fast Software Encryption, 13th International Workshop, FSE 2006, Graz, Austria, 15–17 March 2006, Revised Selected Papers. Lecture Notes in Computer Science, vol. 4047, pp. 126–143. Springer, New York (2006)
  11. Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of step-reduced SHA-256. Cryptology ePrint Archive, March (2008). http://eprint.iacr.org/2008/130
  12. Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) Advances in Cryptology—CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, 20–24 August 1989, Proceedings. Lecture Notes in Computer Science, vol. 435, pp. 428–446. Springer, New York (1990)
  13. Nikolić, I., Biryukov, A.: Collisions for step-reduced SHA-256. In: Nyberg, K. (ed.) Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, 26–28 March 2008. Lecture Notes in Computer Science, vol. 5086, pp. 1–16. Springer, New York (2008)
  14. Sanadhya, S.K., Sarkar, P.: 22-step collisions for SHA-2. arXiv e-print archive, arXiv:0803.1220v1, March 2008. http://de.arxiv.org/abs/0803.1220 (dated 08 Mar) (2008)
  15. Sanadhya, S.K., Sarkar, P.: New local collisions for the SHA-2 hash family. In: Nam, K.-H., Rhee, G. (ed.) Information Security and Cryptology—ICISC 2007, 10th International Conference, Seoul, Korea, 29–30 November 2007, Proceedings. Lecture Notes in Computer Science, vol. 4817, pp. 193–205. Springer, New York (2007)
  16. Sanadhya, S.K., Sarkar, P.: Attacking reduced round SHA-256. In: Bellovin, S., Gennaro, R. (eds.) Applied Cryptography and Network Security—ACNS 2008, 6th International Conference, New York, NY, 03–06 June 2008, Proceedings. Lecture Notes in Computer Science, vol. 5037. Springer, New York (2008)
  17. Sanadhya, S.K., Sarkar, P.: Attacking step reduced SHA-2 family in a unified framework. Cryptology ePrint Archive, Report 2008/271, 2008. http://eprint.iacr.org/ (dated Jun 12, and Jun 19) (2008)
  18. Sanadhya, S.K., Sarkar, P.: Deterministic constructions of 21-step collisions for the SHA-2 hash family. In: Editors, editor, Information Security, 11th International Conference, ISC 2008, Taipei, Taiwan, September 2008, Proceedings. Lecture Notes in Computer Science. Springer, New York (2008)
  19. Sanadhya, S.K., Sarkar, P.: New collision attacks against up to 24-step SHA-2. In: Progress in Cryptology—INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, 14–17 December 2008
  20. Sanadhya, S.K., Sarkar, P.: Non-linear reduced round attacks against SHA-2 Hash family. In: Mu, Y., Susilo, W. (eds.) Information Security and Privacy - ACISP 2008, The 13th Australasian Conference, Wollongong, Australia, 7–9 July 2008, Proceedings. Lecture Notes in Computer Science, vol. 5107. Springer, New York (2008)
  21. Secure Hash Standard: Federal Information Processing Standard Publication 180-2. U.S. Department of Commerce, National Institute of Standards and Technology (NIST) (2002). http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
  22. Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 4515, pp. 1–22. Springer, New York (2007)
  23. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 22–26 May 2005, Proceedings. Lecture Notes in Computer Science, vol. 3494, pp. 1–18. Springer, New York (2005)
  24. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) Advances in Cryptology—CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, 14–18 August 2005, Proceedings. Lecture Notes in Computer Science, vol. 3621, pp. 17–36. Springer, New York (2005)
  25. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 22–26 May 2005, Proceedings. Lecture Notes in Computer Science, vol. 3494, pp. 19–35. Springer, New York (2005)

Copyright information

© Springer Science + Business Media, LLC 2009

Authors and Affiliations

  1. Applied Statistics Unit, Indian Statistical Institute, Kolkata, India
