Update on SHA-1

  • Vincent Rijmen
  • Elisabeth Oswald
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3376)


We report on the experiments we performed in order to assess the security of SHA-1 against the attack by Chabaud and Joux [5]. We present some ideas for optimizations of the attack and some properties of the message expansion routine. Finally, we show that for a reduced version of SHA-1, with 53 rounds instead of 80, it is possible to find collisions in less than 280 operations.


hash functions cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Biham, E., Chen, R.: Near-Collisions of SHA-0. Cryptology ePrint Archive, Report 2004/146 (2004), version of June 22,
  3. 3.
    Canteaut, A., Chabaud, F.: A new algorithm for finding minimum-weight words in a linear code: application to McEliece’s cryptosystem and to narrow-sense BCH codes of length 511. IEEE Transactions on Information Theory 44(1) (January 1998)Google Scholar
  4. 4.
    Federal Information Processing Standard 180-2, Secure Hash Standard, (August 1, 2002)Google Scholar
  5. 5.
    Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)Google Scholar
  6. 6.
    Saarinen, M.-J.O.: Cryptanalysis of Block Ciphers Based on SHA-1 and MD5. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 36–44. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Vincent Rijmen
    • 1
    • 2
  • Elisabeth Oswald
    • 1
  1. 1.IAIKGraz University of TechnologyGrazAustria
  2. 2.Cryptomathic A/SÅrhus CDenmark

Personalised recommendations