
Hardware Architecture and Cost Estimates for Breaking SHA-1

  • Conference paper
Information Security (ISC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3650)

Abstract

The cryptanalysis of hash functions has advanced rapidly, and many hash functions have been broken one after another. The most popular hash function SHA-1 has not been broken yet, but the new collision search techniques proposed by Wang et al. reduced the computational complexity down to 2^69, which is only 1/2,000 of the 2^80 operations needed for a birthday attack. The complexity is still too large even for today’s supercomputers, but no feasibility study of breaking SHA-1 using specialized hardware has been reported. The well known brute force attack on DES simply repeats the DES operation 2^56 times at a maximum, but the complexity of 2^69 hash operations to break SHA-1 does not mean 2^69 SHA-1 operations. Complex procedures using SHA-1 functions are required, and the total number of operations based on the probability of a collision occurrence is almost equivalent to the 2^69 SHA-1 operations. Therefore, we describe a procedure and propose an LSI architecture to find real collisions for SHA-1 in this paper. The hardware core was synthesized by using a 0.13-μm CMOS standard cell library, and its performances in speed, size, and power consumption were evaluated. A $10 million budget can build a custom hardware system that would consist of 303 personal computers with 16 circuit boards each, in which 32 SHA-1-breaking LSIs are mounted. Each LSI has 64 SHA-1 cores that can run in parallel. This system would find a real collision in 127 days.


References

  1. NIST, Secure Hash Standard, FIPS PUB 180 (May 1993)


  2. NIST, Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard (July 1994)


  3. NIST, Secure Hash Standard, FIPS PUB 180-1 (April 1995)


  4. NIST, Secure Hash Standard (SHS), FIPS PUB 180-2 (August 2002)


  5. NIST, FIPS 180-2, Secure Hash Standard Change Notice 1, (February 2004), http://csrc.nist.gov/publications/fips/fips180-2/FIPS180-2_changenotice.pdf

  6. Rivest, R.L.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)


  7. Rivest, R.L.: The MD4 Message Digest Algorithm. RFC 1186 (October 1990)


  8. Rivest, R.L.: The MD4 Message Digest Algorithm. RFC 1320 (April 1992)


  9. Rivest, R.L.: The MD5 Message Digest Algorithm. RFC 1321 (April 1992)


  10. Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)


  11. Biham, E., Chen, R.: Near-Collisions of SHA-0. Cryptology ePrint Archive: Report 2004/146 (June 2004), http://eprint.iacr.org/2004/146

  12. Joux, A.: Collisions for SHA-0. In: CRYPTO 2004 rump session (August 2004), http://www.mail-archive.com/cryptography%40metzdowd.com/msg02554.html

  13. Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128, and RIPEMD. In: CRYPTO 2004 rump session (August 2004), http://www.infosec.sdu.edu.cn/paper/199.pdf

  14. Wang, X., Yin, Y.L., Yu, H.: Collision Search Attacks on SHA1 (2005), http://www.infosec.sdu.edu.cn/paper/sha-attack-note.pdf

  15. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005), http://www.infosec.sdu.edu.cn/paper/md4-ripemd-attck.pdf


  16. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005), http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf


  17. Wang, X., Yin, Y.L., Yu, H.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005), http://www.infosec.sdu.edu.cn/paper/sha0-crypto-author-new.pdf


  18. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005), http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf


  19. Matusiewicz, K., Pieprzyk, J.: Finding Good Differential Patterns for Attacks on SHA-1. Cryptology ePrint Archive: Report 2004/364 (December 2004), http://eprint.iacr.org/2004/364

  20. Rijmen, V., Oswald, E.: Update on SHA-1. Cryptology ePrint Archive: Report 2005/010 (December 2004), http://eprint.iacr.org/2005/010.pdf

  21. Yuval, G.: How to swindle Rabin. Cryptologia 3(3), 187–189 (1979)


  22. Yin, Y.L.: personal communication (July 2005)


  23. Satoh, A., Inoue, T.: ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In: Proc. ITCC 2005 (International Conference on Information Technology), April 2005, vol. 1, pp. 532–537 (2005)


  24. IBM Cu-11 Standard Cell / Gate Array ASIC, http://www-03.ibm.com/chips/products/asics/products/cu-11.html


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Satoh, A. (2005). Hardware Architecture and Cost Estimates for Breaking SHA-1. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds) Information Security. ISC 2005. Lecture Notes in Computer Science, vol 3650. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11556992_19


  • DOI: https://doi.org/10.1007/11556992_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29001-8

  • Online ISBN: 978-3-540-31930-6

  • eBook Packages: Computer Science, Computer Science (R0)
