Cryptography and Communications

, Volume 1, Issue 2, pp 135–173

A combinatorial analysis of recent attacks on step reduced SHA-2 family


DOI: 10.1007/s12095-009-0011-5

Cite this article as:
Sanadhya, S.K. & Sarkar, P. Cryptogr. Commun. (2009) 1: 135. doi:10.1007/s12095-009-0011-5


We perform a combinatorial analysis of the SHA-2 compression function. This analysis explains in a unified way the recent attacks against reduced round SHA-2. We start with a general class of local collisions and show that the previously used local collision by Nikolić and Biryukov (NB) and Sanadhya and Sarkar (SS) are special cases. The study also clarifies several advantages of the SS local collision over the NB local collision. Deterministic constructions of up to 22-round SHA-2 collisions are described using the SS local collision and up to 21-round SHA-2 collisions are described using the NB local collision. For 23 and 24-round SHA-2, we describe a general strategy and then apply the SS local collision to this strategy. The resulting attacks are faster than those proposed by Indesteege et al using the NB local collision. We provide colliding message pairs for 22, 23 and 24-round SHA-2. Although these attacks improve upon the existing reduced round SHA-256 attacks, they do not threaten the security of the full SHA-2 family.1


SHA-2 family Reduced round collisions Cryptanalysis 

Mathematics Subject Classifications (2000)

94A60 Cryptography 

Copyright information

© Springer Science + Business Media, LLC 2009

Authors and Affiliations

  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia

Personalised recommendations