Near-Collisions of SHA-0

  • Eli Biham
  • Rafi Chen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3152)

Abstract

In this paper we find two near-collisions of the full compression function of SHA-0, in which up to 142 of the 160 bits of the output are equal. We also find many full collisions of 65-round reduced SHA-0, which is a large improvement to the best previous result of 35 rounds. We use the very surprising fact that the messages have many neutral bits, some of which do not affect the differences for about 15–20 rounds. We also show that 82-round SHA-0 is much weaker than the (80-round) SHA-0, although it has more rounds. This fact demonstrates that the strength of SHA-0 is not monotonous in the number of rounds.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Eli Biham (1)
  • Rafi Chen (1)

  1. Computer Science Department, Technion Israel Institute of Technology, Haifa, Israel
