Near-Collisions of SHA-0
نویسندگان
چکیده
In this paper we find two near-collisions of the full compression function of SHA-0, in which up to 142 of the 160 bits of the output are equal. We also find many full collisions of 65-round reduced SHA-0, which is a large improvement to the best previous result of 35 rounds. We use the very surprising fact that the messages have many neutral bits, some of which do not affect the differences for about 15–20 rounds. We also show that 82-round SHA-0 is much weaker than the (80-round) SHA-0, although it has more rounds. This fact demonstrates that the strength of SHA-0 is not monotonous in the number of rounds.
منابع مشابه
Finding Near-Optimum Message Scheduling Settings for SHA-256 Variants Using Genetic Algorithms
One-way hash functions play an important role in modern cryptography. Matusiewicz et al. proved that the message scheduling is essential for the security of SHA256 by showing that it is possible to find collisions with complexity 2 hash operations for a variant without it. In this article, we first proposed the conjecture that message scheduling of SHA algorithm has higher security complexity (...
متن کاملCollisions of SHA-0 and Reduced SHA-1
In this paper we describe improvements to the techniques used to cryptanalyze SHA-0 and introduce the first results on SHA1. The results include a generic multi-block technique that uses nearcollisions in order to find collisions, and a four-block collision of SHA-0 found using this technique with complexity 2. Then, extension of this and prior techniques are presented, that allow us to find co...
متن کاملComplexity of the Collision and Near-Collision Attack on SHA-0 with Different Message Schedules
SHA-0 employs a primitive polynomial of degree 16 over GF(2) in its message schedule. There are 2048 primitive polynomials of degree 16 over GF(2). For each primitive polynomial, a SHA-0 variant can be constructed. In this paper, the security of 2048 variants is analyzed against the Chabaud-Joux attack proposed in CRYPTO’98. The analysis shows that all the variants could be collision-attacked b...
متن کاملNear Collisions for the Compress Function of Hamsi-256 Found by Genetic Algorithm
Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA3 and Hamsi-256 is one of four kinds of Hamsi. In this paper we present a genetic algorithm to search near collisions for the compress function of Hamsi-256 , give a near collision on (256 − 20) bits and a near collision on (256 − 21) bits with four differences in the chaining value, and obtain a ...
متن کاملAttacking Reduced Round SHA-256
The SHA-256 hash function has started getting attention recently by the cryptanalysis community due to the various weaknesses found in its predecessors such as MD4, MD5, SHA-0 and SHA-1. We make two contributions in this work. First we describe message modification techniques and use them to obtain an algorithm to generate message pairs which collide for the actual SHA-256 reduced to 18 steps. ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2004 شماره
صفحات -
تاریخ انتشار 2004