Collisions on SHA-0 in One Hour

  • Stéphane Manuel
  • Thomas Peyrin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)


At Crypto 2007, Joux and Peyrin showed that the boomerang attack, a classical tool in block cipher cryptanalysis, can also be very useful when analyzing hash functions. They applied their new theoretical results to SHA and provided new improvements for the cryptanalysis of this algorithm. In this paper, we concentrate on the case of SHA-0. First, we show that the previous perturbation vectors used in all known attacks are not optimal and we provide a new 2-block one. The problem of the possible existence of message modifications for this vector is tackled by the utilization of auxiliary differentials from the boomerang attack, relatively simple to use. Finally, we are able to produce the best collision attack against SHA-0 so far, with a measured complexity of 233,6 hash function calls. Finding one collision for SHA-0 takes us approximatively one hour of computation on an average PC.


hash functions SHA-0 boomerang attack 

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Stéphane Manuel
    • 1
  • Thomas Peyrin
    • 2
    • 3
    • 4
  1. 1.INRIA 
  2. 2.Orange Labs 
  3. 3.AIST 
  4. 4.Université de Versailles Saint-Quentin-en-Yvelines 

Personalised recommendations