Analysis of step-reduced SHA-256

Authors:
Florian Mendel;Norbert Pramstaller;Christian Rechberger;Vincent Rijmen
Affiliations:
Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria;Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria;Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria;Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria
Venue:
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Year:
2006

Citing 13
Cited 17

A method for finding codewords of small weight

Proceedings of the third international colloquium on Coding theory and applications
Crytanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers

CRYPTO '85 Advances in Cryptology
Differential Collisions in SHA-0

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Update on SHA-1

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Related-Key attacks on reduced rounds of SHACAL-2

INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
Exploiting coding theory for collision attacks on SHA-1

IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Analysis of a SHA-256 variant

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
A new algorithm for finding minimum-weight words in a linear code: application to McEliece's cryptosystem and to narrow-sense BCH codes of length 511

IEEE Transactions on Information Theory

Searching for Messages Conforming to Arbitrary Sets of Conditions in SHA-256

Research in Cryptology
Collisions for Step-Reduced SHA-256

Fast Software Encryption
Non-linear Reduced Round Attacks against SHA-2 Hash Family

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family

ISC '08 Proceedings of the 11th international conference on Information Security
New Collision Attacks against Up to 24-Step SHA-2

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Pseudorandom-Function Property of the Step-Reduced Compression Functions of SHA-256 and SHA-512

Information Security Applications
A new hash family obtained by modifying the SHA-2 family

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Distinguishing Attack on the Secret-Prefix MAC Based on the 39-Step SHA-256

ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Provably good codes for hash function design

IEEE Transactions on Information Theory
Preimages for Step-Reduced SHA-2

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
New local collisions for the SHA-2 hash family

ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Attacking reduced round SHA-256

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
MJH: a faster alternative to MDC-2

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Second-Order differential collisions for reduced SHA-256

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Finding SHA-2 characteristics: searching through a minefield of contradictions

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Provable security of the knudsen-preneel compression functions

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.06

Visualization

Abstract

This is the first article analyzing the security of SHA-256 against fast collision search which considers the recent attacks by Wang et al. We show the limits of applying techniques known so far to SHA-256. Next we introduce a new type of perturbation vector which circumvents the identified limits. This new technique is then applied to the unmodified SHA-256. Exploiting the combination of Boolean functions and modular addition together with the newly developed technique allows us to derive collision-producing characteristics for step-reduced SHA-256, which was not possible before. Although our results do not threaten the security of SHA-256, we show that the low probability of a single local collision may give rise to a false sense of security.