FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
The random oracle methodology, revisited
Journal of the ACM (JACM)
The Random Oracle Model and the Ideal Cipher Model Are Equivalent
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second-Order differential collisions for reduced SHA-256
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Finding SHA-2 characteristics: searching through a minefield of contradictions
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Boomerang distinguishers on MD4-Family: first practical results on full 5-pass HAVAL
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Boomerang attacks on hash function using auxiliary differentials
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Boomerang distinguisher for the SIMD-512 compression function
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
The Return of the Cryptographic Boomerang
IEEE Transactions on Information Theory
Hi-index | 0.89 |
At the Cryptographic Hash Workshop hosted by NIST in 2005, Lee et al. proposed the DHA-256 (Double Hash Algorithm-256) hash function. The design of DHA-256 builds upon the design of SHA-256, but introduces additional strengthening features such as optimizing the message expansion and step function against local collision attacks. Previously, DHA-256 was analyzed by J. Zhong and X. Lai, who presented a preimage attack on 35 steps of the compression function with complexity 2^2^3^9^.^6. In addition, the IAIK Krypto Group provided evidence that there exists a 9-step local collision for the DHA-256 compression function with probability higher than previously predicted. In this paper, we analyze DHA-256 in the context of higher order differential attacks. In particular, we provide a practical distinguisher for 42 out of 64 steps and give an example of a colliding quartet to validate our results.