Analysis of SHA-512/224 and SHA-512/256
نویسندگان
چکیده
In 2012, NIST standardized SHA-512/224 and SHA-512/256, two truncated variants of SHA-512, in FIPS 180-4. These two hash functions are faster than SHA-224 and SHA-256 on 64-bit platforms, while maintaining the same hash size and claimed security level. So far, no third-party analysis of SHA-512/224 or SHA-512/256 has been published. In this work, we examine the collision resistance of step-reduced versions of SHA-512/224 and SHA-512/256 by using differential cryptanalysis in combination with sophisticated search tools. We are able to generate practical examples of free-start collisions for 44-step SHA-512/224 and 43-step SHA-512/256. Thus, the truncation performed by these variants on their larger state allows us to attack several more rounds compared to the untruncated family members. In addition, we improve upon the best published collisions for 24-step SHA-512 and present practical collisions for 27 steps of SHA-512/224, SHA-512/256, and SHA-512.
منابع مشابه
Boomerang Attack on Step-Reduced SHA-512
SHA-2 (SHA-224, SHA-256, SHA-384 and SHA-512) is hash function family issued by the National Institute of Standards and Technology (NIST) in 2002 and is widely used all over the world. In this work, we analyze the security of SHA-512 with respect to boomerang attack. Boomerang distinguisher on SHA-512 compression function reduced to 48 steps is proposed, with a practical complexity of 2. A prac...
متن کاملOn Collisions of Hash Functions Turbo SHA-2
In this paper we don't examine security of Turbo SHA-2 completely; we only show new collision attacks on it, with smaller complexity than it was considered by Turbo SHA-2 authors. In [1] they consider Turbo SHA-224/256r and Turbo SHA-384/512-r with variable number of rounds r from 1 to 8. The authors of [1] show collision attack on Turbo SHA-256-1 with one round which has the complexity of 2. F...
متن کاملNew Collision Attacks against Up to 24-Step SHA-2
In this work, we provide new and improved attacks against 22, 23 and 24-step SHA-2 family using a local collision given by Sanadhya and Sarkar (SS) at ACISP ’08. The success probability of our 22-step attack is 1 for both SHA-256 and SHA-512. The computational efforts for the 23-step and 24step SHA-256 attacks are respectively 2 and 2 calls to the corresponding step reduced SHA-256. The corresp...
متن کاملPerformance Comparison of Parallel Implementations of Cayley and SHA Hash Functions
Implementing hash functions to run on multi-core computers will reduce its running time. We aim to implement Cayley, SHA-256 and SHA-512 hash functions to run on multicore computers and compare their performances. Cayley hash compresses the input message by hashing one bit at a time using composition of linear equations. SHA-256 and SHA-512 work on message blocks and produce fixed length digest...
متن کاملPreimage Attacks on 41-Step SHA-256 and 46-Step SHA-512
In this paper, we propose preimage attacks on 41-step SHA-256 and 46-step SHA-512, which drastically increase the number of attacked steps compared to the best previous preimage attack working for only 24 steps. The time complexity for 41-step SHA-256 is 2 compression function operations and the memory requirement is 2 × 10 words. The time complexity for 46-step SHA-512 is 2 compression functio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2015