Evaluate the security margins of SHA-512, SHA-256 and DHA-256 against the boomerang attack

评估飞去来器方法对 SHA-512, SHA-256 和 DHA-256 三种哈希函数的攻击效率

Abstract

For an n-bit random permutation, there are three types of boomerang distinguishers, denoted as Type I, II and III, with generic complexities 2n, 2n/3 and 2n/2 respectively. In this paper, we try to evaluate the security margins of three hash functions namely SHA-512, SHA-256 and DHA-256 against the boomerang attack. Firstly, we give a boomerang attack on 48-step SHA-512 with a practical complexity of 251. The correctness of this attack is verified by providing a Type III boomerang quartet. Then, we extend the existing differential characteristics of the three hash functions to more rounds. We deduce the sufficient conditions and give thorough evaluations to the security margins as follows: Type I boomerang method can attack 54-step SHA-512, 51-step SHA-256 and 46-step DHA-256 with complexities 2480, 2218 and 2236 respectively. Type II boomerang method can attack 51-step SHA-512, 49-step SHA-256 and 43-step DHA-256 with complexities 2158.50, 272.91 and 274.50 respectively. Type III boomerang method can attack 52-step SHA-512, 50-step SHA-256 and 44-step DHA-256 with complexities 2223.80, 2123.63 and 299.85 respectively.

摘要

创新点

本文研究了飞去来器方法对 SHA-512, SHA-256 和 DHA-256 三种哈希函数的攻击效率。 首次给出了对 48 轮 SHA-512 的实际飞去来器攻击结果, 攻击复杂度为$2^{51}$。 通过扩展现有的查分路径, 证明:

  1. I

    型飞去来器方法可以攻击 54 轮 SHA-512, 51 轮 SHA-256 和 46 轮 DHA-256。 攻击复杂度分别为$2^{480}$, $2^{218}$和$2^{236}$。

  2. II

    型飞去来器方法可以攻击 51 轮 SHA-512, 49 轮 SHA-256 和 43 轮 DHA-256。 攻击复杂度分别为$2^{158.50}$, $2^{72.91}$和$2^{74.50}$。

  3. III

    型飞去来器方法可以攻击 52 轮 SHA-512, 50 轮 SHA-256 和 44 轮 DHA-256。 攻击复杂度分别为$2^{223.80}$, $2^{123.63}$和$2^{99.85}$。

This is a preview of subscription content, access via your institution.

References

  1. 1

    Wang X Y, Yu H B. How to break MD5 and other hash functions. In: Proceedings of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, 2005. 19–35

    Google Scholar 

  2. 2

    Wang X Y, Yin Y L, Yu H B. Finding collisions in the full SHA-1. In: Proceedings of 25th Annual International Cryptology Conference, Santa Barbara, 2005. 17–36

    Google Scholar 

  3. 3

    Kayser R F. Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. Federal Register, 2007, 72: 62

    Google Scholar 

  4. 4

    Isobe T, Shibutani K. Preimage attacks on reduced Tiger and SHA-2. In: Proceedings of 16th International Workshop on Fast Software Encryption, Leuven, 2009. 139–155

    Google Scholar 

  5. 5

    Guo J, Ling S, Rechberger C, et al. Advanced meet-in-the-middle preimage attacks: first results on full Tiger, and improved results on MD4 and SHA-2. In: Proceedings of 16th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, 2010. 56–75

    Google Scholar 

  6. 6

    Khovratovich D, Rechberger C, Savelieva A. Bicliques for preimages: attacks on Skein-512 and the SHA-2 Family. In: Proceedings of 19th International Workshop on Fast Software Encryption, Washington, DC, 2012. 244–263

    Google Scholar 

  7. 7

    Mendel F, Pramstaller N, Rechberger C, et al. Analysis of step-reduced SHA-256. In: Proceedings of 13th International Workshop on Fast Software Encryption, Graz, 2006. 126–143

    Google Scholar 

  8. 8

    Sanadhya S K, Sarkar P. New collision attacks against up to 24-step SHA-2. In: Proceedings of 9th International Conference on Cryptology in India, Kharagpur, 2008. 91–103

    Google Scholar 

  9. 9

    Nikolic I, Biryukov A. Collisions for step-reduced SHA-256. In: Proceedings of 15th International Workshop on Fast Software Encryption, Lausanne, 2008. 1–15

    Google Scholar 

  10. 10

    Indesteege S, Mendel F, Preneel B, et al. Collisions and other non-random properties for step-reduced SHA-256. In: Proceedings of 15th International Workshop on Selected Areas in Cryptography, Sackville, 2008. 276–293

    Google Scholar 

  11. 11

    Mendel F, Nad T, Schläffer M. Finding SHA-2 characteristics: searching through a minefield of contradictions. In: Proceedings of 17th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, 2011. 288–307

    Google Scholar 

  12. 12

    Mendel F, Nad T, Schläffer M. Improving local collisions: new attacks on reduced SHA-256. In: Proceedings of 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, 2013. 262–278

    Google Scholar 

  13. 13

    Lee J, Chang D, Kim H, et al. A new 256-bit hash function DHA-256: enhancing the security of SHA-256. In: Proceedings of Cryptographic Hash Workshop Hosted by NIST, 2005. https://cse.sc.edu/~buell/csce557/NIST SHA/ChangD DHA256.pdf

    Google Scholar 

  14. 14

    Wagner D. The boomerang attack. In: Proceedings of 6th International Workshop on Fast Software Encryption, Rome, 1999. 156–170

    Google Scholar 

  15. 15

    Kelsey J, Kohno T, Schneier B. Amplified boomerang attacks against reduced-round MARS and Serpent. In: Proceedings of 7th International Workshop on Fast Software Encryption, New York, 2000. 75–93

    Google Scholar 

  16. 16

    Biham E, Dunkelman O, Keller N. The rectangle attack—rectangling the Serpent. In: Proceeding of International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, 2001. 340–357

    Google Scholar 

  17. 17

    Biham E, Dunkelman O, Keller N. Related-Key boomerang and rectangle attacks. In: Proceedings of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, 2005. 507–525

    Google Scholar 

  18. 18

    Biryukov A, Nikolic I, Roy A. Boomerang attacks on BLAKE-32. In: Proceedings of 18th International Workshop on Fast Software Encryption, Lyngby, 2011. 218–237

    Google Scholar 

  19. 19

    Lamberger M, Mendel F. Higher-order differential attack on reduced SHA-256. IACR Cryptology ePrint Archive. 2011. 37. https://eprint.iacr.org/2011/037.pdf

    Google Scholar 

  20. 20

    Biryukov A, Lamberger M, Mendel F, et al. Second-order differential collisions for reduced SHA-256. In: Proceedings of 17th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, 2011. 270–287

    Google Scholar 

  21. 21

    Mendel F, Nad T. Boomerang distinguisher for the SIMD-512 compression function. In: Proceedings of 12th International Conference on Cryptology in India, Chennai, 2011. 255–269

    Google Scholar 

  22. 22

    Sasaki Y, Wang L. Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions. In: Proceedings of 10th International Conference on Applied Cryptography and Network Security, Singapore, 2012. 275–292

    Google Scholar 

  23. 23

    Sasaki Y, Wang L, Takasaki Y, et al. Boomerang distinguishers for full HAS-160 compression function. In: Proceedings of 7th International Workshop on Security, Fukuoka, 2012. 156–169

    Google Scholar 

  24. 24

    Leurent G, Roy A. Boomerang attacks on hash function using auxiliary differentials. In: Proceedings of the Cryptographers’ Track at the RSA Conference, San Francisco, 2012. 215–230

    Google Scholar 

  25. 25

    Yu H B, Chen J Z, Wang X Y. The boomerang attacks on the round-reduced Skein-512. In: Proceedings of 19th International Conference on Selected Areas in Cryptography, Windsor, 2012. 287–303

    Google Scholar 

  26. 26

    Kircanski A, Shen Y Z, Wang G L, et al. Boomerang and slide-rotational analysis of the SM3 hash function. In: Proceedings of 19th International Conference on Selected Areas in Cryptography, Windsor, 2012. 304–320

    Google Scholar 

  27. 27

    Bai D X, Yu H B, Wang G L, et al. Improved boomerang attacks on SM3. In: Proceedings of 18th Australasian Conference on Information Security and Privacy, Brisbane, 2013. 251–266

    Google Scholar 

  28. 28

    Bai D X, Yu H B, Wang G L, et al. Improved boomerang attacks on round-reduced SM3 and keyed permutation of BLAKE-256. IET Inf Secur, 2015, 9: 167–178

    MathSciNet  Article  Google Scholar 

  29. 29

    AlTawy R, Kircanski A, Youssef A M. Second order collision for the 42-step reduced DHA-256 hash function. Inf Process Lett, 2013, 113: 764–770

    MathSciNet  Article  MATH  Google Scholar 

  30. 30

    Menezes A, van Oorschot P C, Vanstone S A. Handbook of Applied Cryptography. CRC Press, 1996

    Google Scholar 

  31. 31

    US Department of Commerce. National Bureau of Standards, Secure Hash Algorithm, FIPS PUB 180-3. 2008

    Google Scholar 

  32. 32

    Wagner D. A generalized birthday problem. In: Proceedings of 22nd Annual International Cryptology Conference, Santa Barbara, 2002. 288–303

    Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Hongbo Yu.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Yu, H., Hao, Y. & Bai, D. Evaluate the security margins of SHA-512, SHA-256 and DHA-256 against the boomerang attack. Sci. China Inf. Sci. 59, 052110 (2016). https://doi.org/10.1007/s11432-015-5389-4

Download citation

Keywords

  • SHA-512
  • SHA-256
  • DHA-256
  • hash functions
  • boomerang attack

关键词

  • SHA-512
  • SHA-2256
  • DHA-256
  • 飞去来器攻击