Collisions on SHA-0 in One Hour

Authors:
Stéphane Manuel;Thomas Peyrin
Affiliations:
INRIA,;Orange Labs, and AIST, and Université de Versailles Saint-Quentin-en-Yvelines,
Venue:
Fast Software Encryption
Year:
2008

Citing 19
Cited 8

Handbook of Applied Cryptography

Handbook of Applied Cryptography
A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Differential Collisions in SHA-0

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of MD4

Proceedings of the Third International Workshop on Fast Software Encryption
The Boomerang Attack

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Formal aspects of mobile code security

Formal aspects of mobile code security
Hash functions and the (amplified) boomerang attack

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Collisions for 70-step SHA-1: on the full cost of collision search

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Improved collision search for SHA-0

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Multi-property-preserving hash domain extension and the EMD transform

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Breaking the ICE – finding multicollisions in iterated concatenated and expanded (ICE) hash functions

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

How to Use Merkle-Damgård -- On the Security Relations between Signature Schemes and Their Inner Hash Functions

ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Speeding up Collision Search for Byte-Oriented Hash Functions

CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
The State of Hash Functions and the NIST SHA-3 Competition

Information Security and Cryptology
MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Linearization Framework for Collision Attacks: Application to CubeHash and MD6

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptography for network security: failures, successes and challenges

MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Classification and generation of disturbance vectors for collision attacks against SHA-1

Designs, Codes and Cryptography
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

At Crypto 2007, Joux and Peyrin showed that the boomerang attack, a classical tool in block cipher cryptanalysis, can also be very useful when analyzing hash functions. They applied their new theoretical results to SHAand provided new improvements for the cryptanalysis of this algorithm. In this paper, we concentrate on the case of SHA-0. First, we show that the previous perturbation vectors used in all known attacks are not optimal and we provide a new 2-block one. The problem of the possible existence of message modifications for this vector is tackled by the utilization of auxiliary differentials from the boomerang attack, relatively simple to use. Finally, we are able to produce the best collision attack against SHA-0so far, with a measured complexity of 233,6hash function calls. Finding one collision for SHA-0takes us approximatively one hour of computation on an average PC.