Finding SHA-1 Characteristics: General Results and Applications

  • Christophe De Cannière
  • Christian Rechberger
Conference paper

DOI: 10.1007/11935230_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)
Cite this paper as:
De Cannière C., Rechberger C. (2006) Finding SHA-1 Characteristics: General Results and Applications. In: Lai X., Chen K. (eds) Advances in Cryptology – ASIACRYPT 2006. ASIACRYPT 2006. Lecture Notes in Computer Science, vol 4284. Springer, Berlin, Heidelberg


The most efficient collision attacks on members of the SHA family presented so far all use complex characteristics which were manually constructed by Wang et al. In this report, we describe a method to search for characteristics in an automatic way. This is particularly useful for multi-block attacks, and as a proof of concept, we give a two-block collision for 64-step SHA-1 based on a new characteristic. The highest number of steps for which a SHA-1 collision was published so far was 58. We also give a unified view on the expected work factor of a collision search and the needed degrees of freedom for the search, which facilitates optimization.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Christophe De Cannière
    • 1
    • 2
  • Christian Rechberger
    • 1
  1. 1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria
  2. 2.Dept. ESAT/SCD-COSICKatholieke Universiteit LeuvenHeverleeBelgium

Personalised recommendations