Skip to main content
Download book PDF
View expanded cover

International Workshop on Fast Software Encryption

FSE 2008: Fast Software Encryption pp 16–35Cite as

Collisions on SHA-0 in One Hour

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 5086)

Abstract

At Crypto 2007, Joux and Peyrin showed that the boomerang attack, a classical tool in block cipher cryptanalysis, can also be very useful when analyzing hash functions. They applied their new theoretical results to SHA and provided new improvements for the cryptanalysis of this algorithm. In this paper, we concentrate on the case of SHA-0. First, we show that the previous perturbation vectors used in all known attacks are not optimal and we provide a new 2-block one. The problem of the possible existence of message modifications for this vector is tackled by the utilization of auxiliary differentials from the boomerang attack, relatively simple to use. Finally, we are able to produce the best collision attack against SHA-0 so far, with a measured complexity of 233,6 hash function calls. Finding one collision for SHA-0 takes us approximatively one hour of computation on an average PC.

Keywords

  • hash functions
  • SHA-0
  • boomerang attack

Download conference paper PDF

References

  1. Bellare, M., Ristenpart, T.: Multi-Property-Preserving Hash Domain Extension and the EMD Transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  2. Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)

    Google Scholar 

  3. Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)

    Google Scholar 

  4. Biham, E., Dunkelman, O.: A Framework for Iterative Hash Functions: HAIFA. In: Proceedings of Second NIST Cryptographic Hash Workshop (2006), www.csrc.nist.gov/pki/HashWorkshop/2006/program_2006.htm

  5. De Cannière, C., Rechberger, C.: Finding SHA-1 Characteristics: General Results and Applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  6. De Cannière, C., Mendel, F., Rechberger, C.: Collisions for 70-step SHA-1: On the Full Cost of Collision Search. In: Adams, C., Miri, A., Wiener, M. (eds.) Selected Areas in Cryptography – SAC 2007. LNCS. Springer, Heidelberg (to appear, 2007)

    Google Scholar 

  7. Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)

    Google Scholar 

  8. Damgård, I.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  9. Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (1999)

    Google Scholar 

  10. Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53–69. Springer, Heidelberg (1996)

    Google Scholar 

  11. Menezes, A.J., Vanstone, S.A., Van Oorschot, P.C.: Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton (1996)

    Google Scholar 

  12. Hoch, J.J., Shamir, A.: Breaking the ICE - Finding Multicollisions in Iterated Concatenated and Expanded (ICE) Hash Functions. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 179–194. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  13. Joux, A.: Multi-collisions in Iterated Hash Functions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)

    Google Scholar 

  14. Joux, A., Peyrin, T.: Hash Functions and the (Amplified) Boomerang Attack. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 244–263. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  15. Kelsey, J., Schneier, B.: Second Preimages on n-bit Hash Functions for Much Less Than 2n Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)

    Google Scholar 

  16. Manuel, S.: Cryptanalyses Différentielles de SHA-0. Mémoire pour l’obtention du Mastère Recherche Mathematiques Applications au Codage et à la Cryptographie. Université Paris 8 (2006), http://www-rocq.inria.fr/codes/Stephane.Manuel

  17. Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)

    Google Scholar 

  18. Naito, Y., Sasaki, Y., Shimoyama, T., Yajima, J., Kunihiro, N., Ohta, K. (eds.): ASIACRYPT 2006. LNCS, vol. 4284, pp. 21–36. Springer, Heidelberg (2006)

    Google Scholar 

  19. National Institute of Standards and Technology. FIPS 180: Secure Hash Standard (May 1993), http://csrc.nist.gov

  20. National Institute of Standards and Technology. FIPS 180-1: Secure Hash Standard (April 1995), http://csrc.nist.gov

  21. National Institute of Standards and Technology. FIPS 180-2: Secure Hash Standard (August 2002), http://csrc.nist.gov

  22. OpenSSL. The Open Source toolkit for SSL/TLS (2007), http://www.openssl.org/source

  23. Rivest, R.L.: RFC 1321: The MD5 Message-Digest Algorithm (April 1992), http://www.ietf.org/rfc/rfc1321.txt

  24. Rivest, R.L.: RFC 1320: The MD4 Message Digest Algorithm (April 1992), http://www.ietf.org/rfc/rfc1320.txt

  25. Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)

    CrossRef  Google Scholar 

  26. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)

    Google Scholar 

  27. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Google Scholar 

  28. Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)

    Google Scholar 

  29. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INRIA,  

    Stéphane Manuel

  2. Orange Labs,  

    Thomas Peyrin

  3. AIST,  

    Thomas Peyrin

  4. Université de Versailles Saint-Quentin-en-Yvelines,  

    Thomas Peyrin

Authors
  1. Stéphane Manuel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thomas Peyrin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 2008 Springer-Verlag Berlin Heidelberg

    About this paper

    Cite this paper

    Manuel, S., Peyrin, T. (2008). Collisions on SHA-0 in One Hour. In: Nyberg, K. (eds) Fast Software Encryption. FSE 2008. Lecture Notes in Computer Science, vol 5086. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71039-4_2

    Download citation

    • DOI: https://doi.org/10.1007/978-3-540-71039-4_2

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-71038-7

    • Online ISBN: 978-3-540-71039-4

    • eBook Packages: Computer ScienceComputer Science (R0)