Improved Collision Search for SHA-0

Naito, Yoshiro; Sasaki, Yu; Shimoyama, Takeshi; Yajima, Jun; Kunihiro, Noboru; Ohta, Kazuo

doi:10.1007/11935230_2

Cited by 17 publications

(15 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A hint towards the reasons for the withdrawal came in 1998 with a paper [31] by Chabaud and Joux, describing a collision attack on SHA-0. Other cryptanalytic results on SHA-0 appear in [16,17,30,139,217]. One of only a few published implementations of collision attacks on SHA-0 was developed by the author and can be found at [203]; this implementation is based on the attack described in [217].…”

Section: Sha-0mentioning

confidence: 99%

Cryptographic Hash Functions

Gauravaram¹,

Knudsen²

2010

Encyclopedia of Information Assurance

View full text Add to dashboard Cite

Section: Sha-0mentioning

confidence: 99%

Cryptographic Hash Functions

Gauravaram¹,

Knudsen²

2010

Encyclopedia of Information Assurance

View full text Add to dashboard Cite

“…This includes message modifications [27], neutral bits [7], boomerang attacks [16,20], tunnels [18] and submarine modifications [21]. In this section we show that the problem of finding conforming message pairs can be reformulated as finding preimages of zero under a function which we call the condition function.…”

Section: Finding a Conforming Message Pair Efficientlymentioning

confidence: 99%

Linearization Framework for Collision Attacks: Application to CubeHash and MD6

Brier

Khazaei

Meier

et al. 2009

Advances in Cryptology – ASIACRYPT 2009

View full text Add to dashboard Cite

Abstract. In this paper, an improved differential cryptanalysis framework for finding collisions in hash functions is provided. Its principle is based on linearization of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux. This is formalized and refined however in several ways: for the problem of finding a conforming message pair whose differential trail follows a linear trail, a condition function is introduced so that finding a collision is equivalent to finding a preimage of the zero vector under the condition function. Then, the dependency table concept shows how much influence every input bit of the condition function has on each output bit. Careful analysis of the dependency table reveals degrees of freedom that can be exploited in accelerated preimage reconstruction under the condition function. These concepts are applied to an in-depth collision analysis of reduced-round versions of the two SHA-3 candidates CubeHash and MD6, and are demonstrated to give by far the best currently known collision attacks on these SHA-3 candidates.

show abstract

“…In the case of SHA-0 the overall complexity of the attack was 2 39 message modification processes. Recently, Naito et al [18] lower this complexity down to 2 36 operations, but we argue in this paper that it is a theoretical complexity and not a measured one.…”

Section: Concerning the Domain Extensionmentioning

confidence: 58%

“…Naito et al recently proposed [18] a new advanced modification technique socalled submarine modification. Its purpose is to ensure that the sufficient conditions from steps 21 to 24 are fulfilled.…”

Section: Naito Et Almentioning

confidence: 99%

“…The new conditions should not interfere with the already pre-computed sufficient conditions. Naito et al detailed their submarine modifications up to step 17 (see [18] proof of Theorem 1). They remarked that the probability that one of these modifications can satisfy a target condition without affecting the other sufficient conditions is almost 1.…”

Section: Naito Et Almentioning

confidence: 99%

See 1 more Smart Citation

Collisions on SHA-0 in One Hour

Manuel

Peyrin

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. At Crypto 2007, Joux and Peyrin showed that the boomerang attack, a classical tool in block cipher cryptanalysis, can also be very useful when analyzing hash functions. They applied their new theoretical results to SHA-1 and provided new improvements for the cryptanalysis of this algorithm. In this paper, we concentrate on the case of SHA-0. First, we show that the previous perturbation vectors used in all known attacks are not optimal and we provide a new 2-block one. The problem of the possible existence of message modifications for this vector is tackled by the utilization of auxiliary differentials from the boomerang attack, relatively simple to use. Finally, we are able to produce the best collision attack against SHA-0 so far, with a measured complexity of 2 33,6 hash function calls. Finding one collision for SHA-0 takes us approximatively one hour of computation on an average PC.

show abstract

Improved Collision Search for SHA-0

Cited by 17 publications

References 7 publications

Cryptographic Hash Functions

Cryptographic Hash Functions

Linearization Framework for Collision Attacks: Application to CubeHash and MD6

Collisions on SHA-0 in One Hour

Contact Info

Product

Resources

About