A Generalized Birthday Problem
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Rectangle Attack - Rectangling the Serpent
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Collisions for Step-Reduced SHA-256
Fast Software Encryption
New Collision Attacks against Up to 24-Step SHA-2
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Attacking 44 Rounds of the SHACAL-2 Block Cipher Using Related-Key Rectangle Cryptanalysis
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Memoryless Related-Key Boomerang Attack on 39-Round SHACAL-2
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Cube Attacks on Tweakable Black Box Polynomials
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium
Fast Software Encryption
Preimage Attacks on Reduced Tiger and SHA-2
Fast Software Encryption
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Collisions and Other Non-random Properties for Step-Reduced SHA-256
Selected Areas in Cryptography
Preimages for Step-Reduced SHA-2
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Related-key rectangle attack on 43-round SHACAL-2
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Hash functions and the (amplified) boomerang attack
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Higher order differential attack on step-reduced variants of Luffa v1
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Zero-sum distinguishers for iterated permutations and application to KECCAK-f and Hamsi-256
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Higher-order differential properties of KECCAK and Luffa
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Related-key rectangle attack on 42-round SHACAL-2
ISC'06 Proceedings of the 9th international conference on Information Security
Analysis of step-reduced SHA-256
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
The impact of carries on the complexity of collision attacks on SHA-1
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Related-Key boomerang and rectangle attacks
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Related-Key attacks on reduced rounds of SHACAL-2
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
Boomerang distinguishers on MD4-Family: first practical results on full 5-pass HAVAL
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
The Return of the Cryptographic Boomerang
IEEE Transactions on Information Theory
Boomerang distinguisher for the SIMD-512 compression function
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Analysis of differential attacks in ARX constructions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Collisions for the WIDEA-8 compression function
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Second order collision for the 42-step reduced DHA-256 hash function
Information Processing Letters
Hi-index | 0.00 |
In this work, we introduce a new non-random property for hash/compression functions using the theory of higher order differentials. Based on this, we show a second-order differential collision for the compression function of SHA-256 reduced to 47 out of 64 steps with practical complexity. We have implemented the attack and provide an example. Our results suggest that the security margin of SHA-256 is much lower than the security margin of most of the SHA-3 finalists in this setting. The techniques employed in this attack are based on a rectangle/boomerang approach and cover advanced search algorithms for good characteristics and message modification techniques. Our analysis also exposes flaws in all of the previously published related-key rectangle attacks on the SHACAL-2 block cipher, which is based on SHA-256. We provide valid rectangles for 48 steps of SHACAL-2.