On Collisions of Hash Functions Turbo SHA-2
نویسنده
چکیده
In this paper we don't examine security of Turbo SHA-2 completely; we only show new collision attacks on it, with smaller complexity than it was considered by Turbo SHA-2 authors. In [1] they consider Turbo SHA-224/256r and Turbo SHA-384/512-r with variable number of rounds r from 1 to 8. The authors of [1] show collision attack on Turbo SHA-256-1 with one round which has the complexity of 2. For other r from 2 to 8 they don't find better attack than with the complexity of 2. Similarly, for Turbo SHA-512 they find only collision attack on Turbo SHA-512-1 with one round which has the complexity of 2. For r from 2 to 8 they don't find better attack than with the complexity of 2. In this paper we show collision attack on SHA-256-r for r = 1, 2, ..., 8 with the complexity of 2. We also show collision attack on Turbo SHA-512-r for r = 1, 2, ..., 8 with the complexity of 2. It follows that the only one remaining candidate from the hash family Turbo SHA is Turbo SHA-256 (and Turbo SHA-512) with 8 rounds. The original security reserve of 6 round has been lost.
منابع مشابه
Turbo SHA-2
In this paper we describe the construction of Turbo SHA-2 family of cryptographic hash functions. They are built with design components from the SHA-2 family, but the new hash function has three times more chaining variables, it is more robust and resistant against generic multi-block collision attacks, its design is resistant against generic length extension attacks and it is 2 8 times faster ...
متن کاملNew Local Collisions for the SHA-2 Hash Family
The starting point for collision attacks on practical hash functions is a local collision. In this paper, we make a systematic study of local collisions for the SHA-2 family. The possible linear approximations of the constituent Boolean functions are considered and certain impossible conditions for such approximations are identified. Based on appropriate approximations, we describe a general me...
متن کاملFinding Near-Optimum Message Scheduling Settings for SHA-256 Variants Using Genetic Algorithms
One-way hash functions play an important role in modern cryptography. Matusiewicz et al. proved that the message scheduling is essential for the security of SHA256 by showing that it is possible to find collisions with complexity 2 hash operations for a variant without it. In this article, we first proposed the conjecture that message scheduling of SHA algorithm has higher security complexity (...
متن کاملSome thoughts on Collision Attacks in the Hash Functions MD5, SHA-0 and SHA-1
The design principle of Merkle-Damg̊ard construction is collision resistance of the compression function implies collision resistance of the hash function. Recently multi-block collisions have been found on the hash functions MD5, SHA-0 and SHA-1 using differential cryptanalysis. These multi-block collisions raise several questions on some definitions and properties used in the hash function lit...
متن کاملGeneric Collision Attacks on Narrow-pipe Hash Functions Faster than Birthday Paradox, Applicable to MDx, SHA-1, SHA-2, and SHA-3 Narrow-pipe Candidates
In this note we show a consequence of the recent observation that narrow-pipe hash designs manifest an abberation from ideal random functions for finding collisions for those functions with complexities much lower than the so called generic birthday paradox lower bound. The problem is generic for narrow-pipe designs including classic Merkle-Damg̊ard designs but also recent narrow-pipe SHA-3 cand...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008