Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family

  • Somitra Kumar Sanadhya
  • Palash Sarkar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5222)


Recently, at FSE ’08, Nikolić and Biryukov introduced a new technique for analyzing SHA-2 round function. Building on their work, but using other differential paths, we construct two different deterministic attacks against 21-step SHA-2 hash family. Since the attacks are deterministic, they are actually combinatorial constructions of collisions. There are six free words in our first construction. This gives exactly 2192 different collisions for 21-step SHA-256 and exactly 2384 different collisions for 21-step SHA-512. The second construction has five free words. The best previous result, due to Nikolić and Biryukov, for finding collisions for 21-step SHA-256 holds with probability 2− 19. No results on 21-step SHA-512 are previously known. Further, we provide evidence that the Nikolić-Biryukov differential path is unlikely to yield 21-step collisions for SHA-512.


SHA-2 family cryptanalysis reduced round attacks 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)Google Scholar
  2. 2.
    Gilbert, H., Handschuh, H.: Security Analysis of SHA-256 and Sisters. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 175–193. Springer, Heidelberg (2003)Google Scholar
  3. 3.
    Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of Step-Reduced SHA-256. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 126–143. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of Step-Reduced SHA-256. Cryptology eprint Archive, (March 2008),
  5. 5.
    Nikolić, I., Biryukov, A.: Collisions for Step-Reduced SHA-256. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 1–16. Springer, Heidelberg (2008)Google Scholar
  6. 6.
    Sanadhya, S.K., Sarkar, P.: New Local Collisions for the SHA-2 Hash Family. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 193–205. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Sanadhya, S.K., Sarkar, P.: Attacking Reduced Round SHA-256. In: Bellovin, S., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Sanadhya, S.K., Sarkar, P.: Non-Linear Reduced Round Attacks Against SHA-2 Hash family. In: Mu, Y., Susilo, W. (eds.) ACISP 2008. LNCS, vol. 5107. Springer, Heidelberg (2008)Google Scholar
  9. 9.
    Secure Hash Standard. Federal Information Processing Standard Publication 180-2. U.S. Department of Commerce, National Institute of Standards and Technology(NIST) (2002),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Somitra Kumar Sanadhya
    • 1
  • Palash Sarkar
    • 1
  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia

Personalised recommendations