Pseudorandom-Function Property of the Step-Reduced Compression Functions of SHA-256 and SHA-512

  • Hidenori Kuwakado
  • Shoichi Hirose
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5379)


Applications of an iterated hash function, such as HMAC, require that the compression function of the hash function be a pseudorandom function. However, the pseudorandom-function property of the compression function had not been analyzed until now. This paper shows that it is easy to distinguish between the 22-step-reduced SHA-512 compression function with the key-via-IV strategy and a random function. This is the first result on the pseudorandom-function property of the SHA-512 compression function with the key-via-IV strategy. A similar distinguishing attack is applicable to the SHA-256 compression function with the key-via-IV strategy.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Hidenori Kuwakado (1)
  • Shoichi Hirose (2)
  1. Graduate School of Engineering, Kobe University, Japan
  2. Graduate School of Engineering, University of Fukui, Japan
