Finding SHA-1 Characteristics: General Results and Applications

Christophe De Cannière; Christian Rechberger

doi:10.1007/11935230_1

International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2006: Advances in Cryptology – ASIACRYPT 2006 pp 1-20

Finding SHA-1 Characteristics: General Results and Applications

Authors
Authors and affiliations

Christophe De Cannière
Christian Rechberger

Conference paper

DOI: 10.1007/11935230_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)

Cite this paper as:: De Cannière C., Rechberger C. (2006) Finding SHA-1 Characteristics: General Results and Applications. In: Lai X., Chen K. (eds) Advances in Cryptology – ASIACRYPT 2006. ASIACRYPT 2006. Lecture Notes in Computer Science, vol 4284. Springer, Berlin, Heidelberg

Abstract

The most efficient collision attacks on members of the SHA family presented so far all use complex characteristics which were manually constructed by Wang et al. In this report, we describe a method to search for characteristics in an automatic way. This is particularly useful for multi-block attacks, and as a proof of concept, we give a two-block collision for 64-step SHA-1 based on a new characteristic. The highest number of steps for which a SHA-1 collision was published so far was 58. We also give a unified view on the expected work factor of a collision search and the needed degrees of freedom for the search, which facilitates optimization.

Download to read the full conference paper text

References

1.
Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
2.
Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)CrossRefGoogle Scholar
3.
Black, J.A., Cochran, M., Highland, T.: A Study of the MD5 Attacks: Insights and Improvements. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 262–277. Springer, Heidelberg (2006)CrossRefGoogle Scholar
4.
Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)Google Scholar
5.
Jutla, C.S., Patthak, A.C.: Provably Good Codes for Hash Function Design. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 376–393. Springer, Heidelberg (2007)CrossRefGoogle Scholar
6.
Kelsey, J., Kohno, T.: Herding Hash Functions and the Nostradamus Attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006)CrossRefGoogle Scholar
7.
Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute. Cryptology ePrint Archive, Report 2006/105 (2006), http://eprint.iacr.org/
8.
Liang, J., Lai, X.: Improved Collision Attack on Hash Function MD5. Cryptology ePrint Archive, Report 2005/425 (2005), http://eprint.iacr.org/
9.
Naito, Y., Sasaki, Y., Kunihiro, N., Ohta, K.: Improved Collision Attack on MD4. Cryptology ePrint Archive, Report 2005/151 (2005), http://eprint.iacr.org/
10.
Naito, Y., Sasaki, Y., Shimoyama, T., Yajima, J., Kunihiro, N., Ohta, K.: Message Modification for Step 21-23 on SHA-0. Cryptology ePrint Archive, Report 2006/016 (2006), http://eprint.iacr.org/
11.
National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard (August 2002), Available online at: http://www.itl.nist.gov/fipspubs/
12.
Pramstaller, N., Rechberger, C., Rijmen, V.: Exploiting Coding Theory for Collision Attacks on SHA-1. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 78–95. Springer, Heidelberg (2005)CrossRefGoogle Scholar
13.
Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58–71. Springer, Heidelberg (2005)CrossRefGoogle Scholar
14.
Schläffer, M., Oswald, E.: Searching for Differential Paths in MD4. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 242–261. Springer, Heidelberg (2006)CrossRefGoogle Scholar
15.
Stevens, M.: Fast Collision Attack on MD5. Cryptology ePrint Archive, Report 2006/104 (2006), http://eprint.iacr.org/
16.
Sugita, M., Kawazoe, M., Imai, H.: Gröbner Basis Based Cryptanalysis of SHA-1. Cryptology ePrint Archive, Report 2006/098 (2006), http://eprint.iacr.org/
17.
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
18.
Wang, X., Yao, A., Yao, F.: Cryptanalysis of SHA-1. In: The Cryptographic Hash Workshop hosted by NIST (October 2005)
19.
Wang, X., Yao, A., Yao, F.: New Collision Search for SHA-1. In: Rump session of CRYPTO (August 2005)
20.
Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
21.
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
22.
Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
23.
Yin, Y.L.: Personal Communication (March 2006)

Copyright information

Authors and Affiliations

Christophe De Cannière
- 1
- 2
Christian Rechberger
- 1

1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria
2.Dept. ESAT/SCD-COSICKatholieke Universiteit LeuvenHeverleeBelgium

Finding SHA-1 Characteristics: General Results and Applications

Abstract

Copyright information

Authors and Affiliations

Personalised recommendations

Cookies