Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
How Easy is Collision Search. New Results and Applications to DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
A Switching Closure Test to Analyze Cryptosystems
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Differential Collisions in SHA-0
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
A (Second) Preimage Attack on the GOST Hash Function
Fast Software Encryption
Fast Software Encryption
Cryptanalysis of the GOST Hash Function
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Weaknesses in the HAS-V compression function
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Hash functions and the (amplified) boomerang attack
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
On authentication with HMAC and non-random properties
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
The second-preimage attack on MD4
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
The impact of carries on the complexity of collision attacks on SHA-1
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Impact of rotations in SHA-1 and related hash functions
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Preimage Attacks on 3, 4, and 5-Pass HAVAL
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Preimage Attack for 52-Step HAS-160
Information Security and Cryptology --- ICISC 2008
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Finding Preimages in Full MD5 Faster Than Exhaustive Search
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
Two Passes of Tiger Are Not One-Way
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Developing a hardware evaluation method for SHA-3 candidates
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Improved preimage attack for 68-step HAS-160
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Second-preimage analysis of reduced SHA-1
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Preimage attacks against variants of very smooth hash
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Preimage attacks against PKC98-Hash and HAS-V
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Improved preimage attack on one-block MD4
Journal of Systems and Software
Cryptanalysis of the 10-round hash and full compression function of SHAvite-3-512
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Hash function combiners in TLS and SSL
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Preimage attacks on Full-ARIRANG: analysis of DM-Mode with middle feed-forward
WISA'11 Proceedings of the 12th international conference on Information Security Applications
Generalized first pre-image tractable random oracle model and signature schemes
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Preimage attacks on step-reduced SM3 hash function
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Provable security of the knudsen-preneel compression functions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Cryptophia's short combiner for collision-resistant hash functions
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
In this paper, we examine the resistance of the popular hash function SHA-1 and its predecessor SHA-0 against dedicated preimage attacks. In order to assess the security margin of these hash functions against these attacks, two new cryptanalytic techniques are developed: Reversing the inversion problem:the idea is to start with an impossible expanded message that would lead to the required digest, and then to correct this message until it becomes valid without destroying the preimage property.P3graphs:an algorithm based on the theory of random graphs that allows the conversion of preimage attacks on the compression function to attacks on the hash function with less effort than traditional meet-in-the-middle approaches.Combining these techniques, we obtain preimage-style shortcuts attacks for up to 45 steps of SHA-1, and up to 50 steps of SHA-0 (out of 80).