New Preimage Attacks against Reduced SHA-1
نویسندگان
چکیده
This paper shows preimage attacks against reduced SHA-1 up to 57 steps. The best previous attack has been presented at CRYPTO 2009 and was for 48 steps finding a two-block preimage with incorrect padding at the cost of 2 evaluations of the compression function. For the same variant our attacks find a one-block preimage at 2 and a correctly padded two-block preimage at 2 evaluations of the compression function. The improved results come out of a differential view on the meet-in-the-middle technique originally developed by Aoki and Sasaki. The new framework closely relates meet-in-the-middle attacks to differential cryptanalysis which turns out to be particularly useful for hash functions with linear message expansion and weak diffusion properties.
منابع مشابه
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1
Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attacks is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against...
متن کاملPreimages for Reduced SHA-0 and SHA-1
In this paper, we examine the resistance of the popular hash function SHA-1 and its predecessor SHA-0 against dedicated preimage attacks. In order to assess the security margin of these hash functions against these attacks, two new cryptanalytic techniques are developed: – Reversing the inversion problem: the idea is to start with an impossible expanded message that would lead to the required d...
متن کاملPreimage Attacks on Reduced Tiger and SHA-2
This paper shows new preimage attacks on reduced Tiger and SHA-2. Indesteege and Preneel presented a preimage attack on Tiger reduced to 13 rounds (out of 24) with a complexity of 2. Our new preimage attack finds a one-block preimage of Tiger reduced to 16 rounds with a complexity of 2. The proposed attack is based on meet-in-themiddle attacks. It seems difficult to find “independent words” of ...
متن کاملAdvanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2 for finding preimages, and 2 for second-preimages. Both have memory requirement of orde...
متن کاملNote on Distinguishing, Forgery, and Second Preimage Attacks on HMAC-SHA-1 and a Method to Reduce the Key Entropy of NMAC
The first distinguishing, forgery and second preimage attacks on step-reduced HMAC-SHA-1 have recently been presented by Kim et al. In this note we report on ongoing work to improve their data complexity and present new attacks on HMAC-SHA-1 covering more steps. Additionally, we show how a collision-based technique can be used to reduce the key entropy of NMAC-SHA-1. Finally we comment on the a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2012 شماره
صفحات -
تاریخ انتشار 2012