Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family
Recently, at FSE ’08, Nikolić and Biryukov introduced a new technique for analyzing SHA-2 round function. Building on their work, but using other differential paths, we construct two different deterministic attacks against 21-step SHA-2 hash family. Since the attacks are deterministic, they are actually combinatorial constructions of collisions. There are six free words in our first construction. This gives exactly 2192 different collisions for 21-step SHA-256 and exactly 2384 different collisions for 21-step SHA-512. The second construction has five free words. The best previous result, due to Nikolić and Biryukov, for finding collisions for 21-step SHA-256 holds with probability 2− 19. No results on 21-step SHA-512 are previously known. Further, we provide evidence that the Nikolić-Biryukov differential path is unlikely to yield 21-step collisions for SHA-512.
KeywordsSHA-2 family cryptanalysis reduced round attacks
Unable to display preview. Download preview PDF.
- 1.Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)Google Scholar
- 2.Gilbert, H., Handschuh, H.: Security Analysis of SHA-256 and Sisters. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 175–193. Springer, Heidelberg (2003)Google Scholar
- 4.Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of Step-Reduced SHA-256. Cryptology eprint Archive, (March 2008), http://eprint.iacr.org/2008/130
- 5.Nikolić, I., Biryukov, A.: Collisions for Step-Reduced SHA-256. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 1–16. Springer, Heidelberg (2008)Google Scholar
- 8.Sanadhya, S.K., Sarkar, P.: Non-Linear Reduced Round Attacks Against SHA-2 Hash family. In: Mu, Y., Susilo, W. (eds.) ACISP 2008. LNCS, vol. 5107. Springer, Heidelberg (2008)Google Scholar
- 9.Secure Hash Standard. Federal Information Processing Standard Publication 180-2. U.S. Department of Commerce, National Institute of Standards and Technology(NIST) (2002),http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf