Finding Good Differential Patterns for Attacks on SHA-1

  • Krystian Matusiewicz
  • Josef Pieprzyk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3969)

Abstract

In this paper we analyse properties of the message expansion algorithm of SHA-1 and describe a method of finding differential patterns that may be used to attack reduced versions of SHA-1. We show that the problem of finding optimal differential patterns for SHA-1 is equivalent to the problem of finding a minimal-weight codeword in a large linear code. Finally, we present a number of patterns of different lengths suitable for finding collisions and near-collisions and discuss some bounds on their minimal weights.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Krystian Matusiewicz (1)
  • Josef Pieprzyk (1)
  1. Centre for Advanced Computing – Algorithms and Cryptography, Department of Computing, Macquarie University, Sydney, Australia
