Filters








1,787 Hits in 4.9 sec

Second-Preimage Analysis of Reduced SHA-1 [chapter]

Christian Rechberger
2010 Lecture Notes in Computer Science  
First, we reduce the complexity of a 2nd-preimage shortcut attack on 34-step SHA-1 from an impractically high complexity to practical complexity.  ...  Recent work on preimage and second preimage attacks on reduced SHA-1 succeeding up to 48 out of 80 steps (with results barely below the 2 n time complexity of brute-force search) suggest that there is  ...  Even though close to practical collision attacks for SHA-1 are described in [6, 40] , it's resistance against preimage attacks seems very solid.  ... 
doi:10.1007/978-3-642-14081-5_7 fatcat:p2qj7tb7bndqpfjydpjuc3psnu

The State of Hash Functions and the NIST SHA-3 Competition [chapter]

Bart Preneel
2009 Lecture Notes in Computer Science  
AES parallel rounds Brute force: 1 million PCs or US$ 100 000 hardware 42 • SHA designed by NIST (NSA) in ‗93 (80 rounds) • redesign after 2 years ('95) to SHA-1 • collisions for 53 rounds of SHA  ...  in 2 35highly structured collision for 70 out of 80 rounds in 2 44highly structured • collisions for 70 rounds of SHA-1 in 2 39 (4 days on a PC) • collisions for SHA-1 in 2 60 [Mendel+'08 -unpublished  ...  Hash function: pseudorandom function (3) • Some applications still use HMAC-MD4! • NMAC weaker than HMAC • One application that is vulnerable: APOP (password divided over two bloks)  ... 
doi:10.1007/978-3-642-01440-6_1 fatcat:3wd7g5m65nadtemgoiscidtokm

Collisions of SHA-0 and Reduced SHA-1 [chapter]

Eli Biham, Rafi Chen, Antoine Joux, Patrick Carribault, Christophe Lemuet, William Jalby
2005 Lecture Notes in Computer Science  
These techniques show that collisions up to about 53-58 rounds can still be found faster than by birthday attacks.  ...  Then, extension of this and prior techniques are presented, that allow us to find collisions of reduced versions of SHA-1.  ...  These techniques, along with the neutral bit technique and other prior techniques, form a set of tools that enable practical attacks on the full SHA-0, and reduces the complexity of attacking SHA-1 reduced  ... 
doi:10.1007/11426639_3 fatcat:w6wnqboeofeynnxhpdsjx6ndj4

On the Collision Resistance of RIPEMD-160 [chapter]

Florian Mendel, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
2006 Lecture Notes in Computer Science  
While RIPEMD and RIPEMD-128 reduced to 3 rounds are vulnerable to the attack, it is not feasible for RIPEMD-160.  ...  Furthermore, we present an analytical attack on a round-reduced variant of the RIPEMD-160 hash function.  ...  For this variant, reduced to 3 rounds, we can find a collision using fixed-points.  ... 
doi:10.1007/11836810_8 fatcat:wqx3ja6vlrdpzi7xepixxuopyi

Analysis of a SHA-256 Variant [chapter]

Hirotaka Yoshida, Alex Biryukov
2006 Lecture Notes in Computer Science  
Our result shows that SHACAL-2-XOR with up to 31 rounds out of 64 has a weakness of randomness and that SHA-2-XOR with up to 34 rounds has a weakness of pseudo-collision resistance.  ...  Using the 31-round distinguisher, we present an attack on SHACAL-2-XOR with up to 32 rounds. We also show that no 2-round iterative patterns with probability higher than 2 −16 exist.  ...  Two interesting strategies significantly reducing the complexity in the attack found collisions or near-collisions for the SHA-0 hash functions [2, 3] .  ... 
doi:10.1007/11693383_17 fatcat:xsk2ewabnze3tawkzeixvofg34

A second pre-image attack and a collision attack to cryptographic hash function lux

SULAK Fatih; KOÇAK
2017 Communications Faculty Of Science University of Ankara Series A1Mathematics and Statistics  
Then we extend this to the collision and second preimage attacks for the reduced rounds of LUX hash family.  ...  For LUX-256, Schmidt-Nielsen gave a distinguisher and later Wu et al. presented collision attacks, both of which for reduced rounds of LUX.  ...  These reduced blank round collision and free-start collision attacks will be summarized below: Reduced Blank Round Collision:Wu et al. state that if there were not enough blank rounds, they could easily  ... 
doi:10.1501/commua1_0000000794 fatcat:uq3hegcmqzbmfcoob4lofmm2ze

Cryptanalysis of Block Ciphers Based on SHA-1 and MD5 [chapter]

Markku-Juhani O. Saarinen
2003 Lecture Notes in Computer Science  
We discuss a related-key attack against SHACAL-1 and present a method for finding "slid pairs" for it. We also present simple attacks against MDC-MD5 and the Kaliski-Robshaw block cipher.  ...  We cryptanalyse some block cipher proposals that are based on dedicated hash functions SHA-1 and MD5.  ...  Section 2 discusses slide attacks against SHA-1 and SHACAL-1 and section 3 describes simple attacks against MDC-MD5 and the Kaliski-Robshaw cipher.  ... 
doi:10.1007/978-3-540-39887-5_4 fatcat:jqc64phi7bcdbgyfbogiwecig4

The First 30 Years of Cryptographic Hash Functions and the NIST SHA-3 Competition [chapter]

Bart Preneel
2010 Lecture Notes in Computer Science  
NIST announced in November 2007 that it would organize the SHA-3 competition, with as goal to select a new hash function family by 2012.  ...  This paper presents a brief overview of the state of hash functions 30 years after their introduction; it also discusses the progress of the SHA-3 competition.  ...  Two designs in Round 1 had remarkable security results: SWIFFT admits an asymptotic proof of security against collision and preimage attacks under worstcase assumptions about the complexity of certain  ... 
doi:10.1007/978-3-642-11925-5_1 fatcat:pmaorvizrbghxi2wrtry6i3j7a

Symmetric Cryptography (Dagstuhl Seminar 20041)

Nils Gregor Leander, Bart Mennink, Kaisa Nyberg, Kan Yasuda
2020 Dagstuhl Reports  
More recently, an almost practical chosen-prefix collision attack against SHA-1 has been proposed [1] .  ...  We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identicalprefix collisions can now be computed with a complexity of 2 61.2 rather than 2 64.7  ... 
doi:10.4230/dagrep.10.1.130 dblp:journals/dagstuhl-reports/LeanderMNY20 fatcat:7oic7mmj5fht7heg73kyxano2e

Construction of Differential Characteristics in ARX Designs Application to Skein [chapter]

Gaëtan Leurent
2013 Lecture Notes in Computer Science  
Our most notable results are practical free-start and semi-free-start collision attacks for 20 rounds and 12 rounds of Skein-256, respectively.  ...  In this paper, we study differential attacks against ARX schemes. We build upon the generalized characteristics of De Cannière and Rechberger and the multi-bit constraints of Leurent.  ...  We give an example of a colliding pair for the compression function of Skein-256 reduced to 12 rounds in Table 3 . Full collision attack.  ... 
doi:10.1007/978-3-642-40041-4_14 fatcat:a6qgk2k7snehvojxouhv7v47pq

Enhancing the Security Level of SHA-1 by Replacing the MD Paradigm

Harshvardhan Tiwari, Krishna Asawa
2013 Journal of Computing and Information Technology  
It is exhaustedly compared with SHA-1 because hash functions from SHA-2 and SHA-3 are of higher bit length and known to be more secure than SHA-1.  ...  The security of proposed hash function against generic attacks, differential attack, birthday attack and statistical attack was analyzed in detail.  ...  In [24] , authors showed collision in SHA-0 in 2 39 operations. Rijmen and Oswald [25] published an attack on a reduced version of SHA-1.  ... 
doi:10.2498/cit.1002181 fatcat:zwgk2nm5indcxblvgbql42tcnu

Differential Attacks on Reduced RIPEMD-160 [chapter]

Florian Mendel, Tomislav Nad, Stefan Scherz, Martin Schläffer
2012 Lecture Notes in Computer Science  
In this work, we provide the first security analysis of reduced RIPEMD-160 regarding its collision resistance with practical complexity.  ...  We present practical examples of semi-free-start near-collisions for the middle 48 steps (out of 80) and semi-free-start collisions for 36 steps of RIPEMD-160.  ...  In Sect. 3 we present different strategies to construct collisions for round-reduced RIPEMD-160 using local collisions in both streams.  ... 
doi:10.1007/978-3-642-33383-5_2 fatcat:sbwlw6bzzfbbnkm7etkzpm2lmy

Boomerang Attack on Step-Reduced SHA-512 [chapter]

Hongbo Yu, Dongxia Bai
2015 Lecture Notes in Computer Science  
A practical example of the distinguisher for 48-step SHA-512 is also given. As far as we know, it is the best practical attack on step-reduced SHA-512.  ...  Boomerang distinguisher on SHA-512 compression function reduced to 48 steps is proposed, with a practical complexity of 2 51 .  ...  Later, Biryukov et al. extended the result in [17] by one round and presented a practical attack on 47 steps of SHA-256 in [7] in which the application of the attack strategy to SHA-512 was discussed  ... 
doi:10.1007/978-3-319-16745-9_18 fatcat:2cbumq4c7fao3oek2utyzsqu2m

Applications of SAT Solvers to Cryptanalysis of Hash Functions [chapter]

Ilya Mironov, Lintao Zhang
2006 Lecture Notes in Computer Science  
We expect SAT solvers to find new applications as a validation and testing tool of practicing cryptanalysts.  ...  Some essential building blocks of these attacks lend themselves well to automation by encoding them as CNF formulas, which are within reach of modern SAT solvers.  ...  of SatELiteGTI on reduced-round SHA-0).  ... 
doi:10.1007/11814948_13 fatcat:gyl6sxhjxvhbti56tx2l77fxte

A CellBE-based HPC Application for the Analysis of Vulnerabilities in Cryptographic Hash Functions

Alessandro Cilardo, Luigi Esposito, Antonio Veniero, Antonino Mazzeo, Vicenç Beltran, Eduard Ayguadé
2010 2010 IEEE 12th International Conference on High Performance Computing and Communications (HPCC)  
Most importantly, at the conclusion of our study, we were able to identify an actual collision for a 71-round version of SHA-1, the first ever found so far.  ...  In particular, in the light of the recent attacks to the MD5 hash function, SHA-1 remains currently the only function that can be used in practice, since it is the only alternative to MD5 in many security  ...  A 71-round SHA-1 collision Finally, based on the techniques implemented, including those introduced in Section V-E, we were able to show for the first time the feasibility of an attack against a reduced  ... 
doi:10.1109/hpcc.2010.113 dblp:conf/hpcc/CilardoEVMBA10 fatcat:xpvekd6kjrf2xd5u3o3dbjbsu4
« Previous Showing results 1 — 15 out of 1,787 results