Collisions for Step-Reduced SHA-256

  • Ivica Nikolić
  • Alex Biryukov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)


In this article we find collisions for step-reduced SHA-256. We develop a differential that holds with high probability if the message satisfies certain conditions. We solve the equations that arise from the conditions. Due to the carefully chosen differential and word differences, the message expansion of SHA-256 has little effect on spreading the differences in the words. This helps us to find full collision for 21-step reduced SHA-256, semi-free start collision, i.e. collision for a different initial value, for 23-step reduced SHA-256, and semi-free start near collision (with only 15 bit difference out of 256 bits) for 25-step reduced SHA-256.


  1. 1.
    Secure Hash Standard. Federal Information Processing Starndard Publication 180-2. U.S. Department of Commerce, National Institute of Standards and Technology (NIST) (2004)Google Scholar
  2. 2.
    Gilbert, H., Handschuh, H.: Security analysis of SHA-256 and sisters. In: Matsui, M., Zuccherato, R.J. (eds.) Selected Areas in Cryptography, 2003. LNCS, vol. 3006, pp. 175–193. Springer, Heidelberg (2003)Google Scholar
  3. 3.
    Hawkes, P., Paddon, M., Rose, G.G.: On Corrective Patterns for the SHA-2 Family. Cryptology eprint Archive (August 2004),
  4. 4.
    Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of step-reduced SHA-256. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 126–143. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Sanadhya, S.K., Sarkar, P.: New Local Collision for the SHA-2 Hash Family.Cryptology eprint Archive (2007),
  6. 6.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ivica Nikolić
    • 1
  • Alex Biryukov
    • 1
  1. 1.University of Luxembourg 

Personalised recommendations