Complexity of Differential Attacks on SHA-0 with Various Message Schedules
نویسندگان
چکیده
The security of SHA-0 with various message schedules is discussed in this letter. SHA-0 employs a primitive polynomial of degree 16 over GF(2) in its message schedule. For each primitive polynomial, a SHA-0 variant can be constructed. The collision resistance and the near-collision resistance of SHA-0 variants to the Chabaud-Joux attack are evaluated. Moreover, the near-collision resistance of a variant to the Biham-Chen attack is evaluated. It is shown that the selection of primitive polynomials highly affects the resistance. However, it is concluded that these SHA-0 variants are not appropriate for making SHA-0 secure. key words: hash function, SHA-0, Chabaud-Joux attack, Biham-Chen attack
منابع مشابه
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1
Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attacks is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against...
متن کاملOn the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1⋆
HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMA...
متن کاملNew Disturbance Vector for SHA-0 Collision
Most of recent collision attacks on SHA-0 are based on the differential path given by Xiaoyun Wang et al. Their disturbance vector was thought to be the best one. We noticed that the way they calculate number of sufficient conditions is not accurate, and we also found some new properties of the third Boolean function MAJ (b ∧ c) ∨ (c ∧ d) ∨ (d ∧ b). In this paper we present a new disturbance ve...
متن کاملColliding Message Pairs for 23 and 24-step SHA-512
Recently, Indesteege et al. [1] had described attacks against 23 and 24-step SHA-512 at SAC ’08. Their attacks are based on the differential path by Nikolić and Biryukov [2]. The reported complexities are 2 and 2 calls to the respective step reduced SHA-512 hash function. They provided colliding message pairs for 23-step SHA-512 but did not provide a colliding message pair for 24-step SHA-512. ...
متن کاملA proposal of a criterion for collision resistance of hash functions
clear the advantage of the fact that an attacker can know all intermediate values in calculating an outIn this paper we revisit the tequniques for collision put. This fact is the most different assumption for attacks and study the relation between maximum an attacker from block cipher’s case. differential characteristic probability and a limit of However Wang et al. showed in the last two years...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IEICE Transactions
دوره 88-A شماره
صفحات -
تاریخ انتشار 2005