Introduction to Coding Theory
Differential Collisions in SHA-0
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Quasicyclic codes of index l over Fq viewed as Fq[x]-submodules of Fql[x]/ċ xmċ1ċ
AAECC'03 Proceedings of the 15th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Finding good differential patterns for attacks on SHA-1
WCC'05 Proceedings of the 2005 international conference on Coding and Cryptography
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
The intractability of computing the minimum distance of a code
IEEE Transactions on Information Theory
Hardness of approximating the minimum distance of a linear code
IEEE Transactions on Information Theory
Provably good codes for hash function design
IEEE Transactions on Information Theory
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Hi-index | 0.06 |
We develop a new technique to lower bound theminimum distance of quasi-cyclic codes with large dimension by reducing the problem to lower bounding the minimum distance of a few significantly smaller dimensional codes. Using this technique, we prove that a code which is similar to the SHA-1 message expansion code has minimum distance at least 82, and that too in just the last 64 of the 80 expanded words. Further the minimum weight in the last 60 words (last 48 words) is at least 75 (52 respectively). We expect our technique to be helpful in designing future practical collision-resistant hash functions. We also use the technique to find the minimum weight of the SHA-1 code (25 in the last 60 words), which was an open problem.