Advertisement

Collisions for 70-Step SHA-1: On the Full Cost of Collision Search

  • Christophe De Cannière
  • Florian Mendel
  • Christian Rechberger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4876)

Abstract

The diversity of methods for fast collision search in SHA-1 and similar hash functions makes a comparison of them difficult. The literature is at times very vague on this issue, which makes comparison even harder. In situations where differences in estimates of attack complexity of a small factor might influence short-term recommendations of standardization bodies, uncertainties and ambiguities in the literature amounting to a similar order of magnitude are unhelpful. We survey different techniques and propose a simple but effective method to facilitate comparison. In a case study, we consider a newly developed attack on 70-step SHA-1, and give complexity estimates and performance measurements of this new and improved collision search method.

Keywords

Hash Function Work Factor Compression Function Message Block Collision Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    De Cannière, C., Rechberger, C.: Finding SHA-1 Characteristics: General Results and Applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)Google Scholar
  5. 5.
    Iwasaki, T., Yajima, J., Sasaki, Y., Naito, Y., Shimoyama, T., Kunihiro, N., Ohta, K.: On the complexity of collision attack against SHA-1 and new disturbance vectors. In: Presented at rump session of CRYPTO 2006 (August 2006)Google Scholar
  6. 6.
    Joux, A., Peyrin, T.: Hash Functions and the (Amplified) Boomerang Attack. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 244–263. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Jutla, C.S., Patthak, A.C.: Provably Good Codes for Hash Function Design. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356. Springer, Heidelberg (2006)Google Scholar
  8. 8.
    Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute. Cryptology ePrint Archive, Report 2006/105 (2006), http://eprint.iacr.org/
  9. 9.
    Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: The Impact of Carries on the Complexity of Collision Attacks on SHA-1. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 278–292. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Naito, Y., Sasaki, Y., Shimoyama, T., Yajima, J., Kunihiro, N., Ohta, K.: Improved Collision Search for SHA-0. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 21–36. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard (August 2002), available online at http://www.itl.nist.gov/fipspubs/
  12. 12.
    Pramstaller, N., Rechberger, C., Rijmen, V.: Exploiting Coding Theory for Collision Attacks on SHA-1. In: Smart, N.P. (ed.) Cryptography and Coding. LNCS, vol. 3796, pp. 78–95. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Rijmen, V., Oswald, E.: Update on sha-1. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58–71. Springer, Heidelberg (2005)Google Scholar
  14. 14.
    Sugita, M., Kawazoe, M., Perret, L., Imai, H.: Algebraic Cryptanalysis of 58-round SHA-1. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 349–365. Springer, Heidelberg (2007)Google Scholar
  15. 15.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Wang, X., Yao, A., Yao, F.: Cryptanalysis of SHA-1. In: Cryptographic Hash Workshop hosted by NIST (October 2005)Google Scholar
  17. 17.
    Wang, X., Yao, A., Yao, F.: New Collision Search for SHA-1. In: Presented at rump session of CRYPTO 2005 (August 2005)Google Scholar
  18. 18.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  19. 19.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)Google Scholar
  20. 20.
    Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  21. 21.
    Wiener, M.J.: The Full Cost of Cryptanalytic Attacks. J. Cryptology 17(2), 105–124 (2004)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Christophe De Cannière
    • 1
  • Florian Mendel
    • 2
  • Christian Rechberger
    • 2
  1. 1.Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B–3001 HeverleeBelgium
  2. 2.Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A–8010 GrazAustria

Personalised recommendations