Analysis of a SHA-256 Variant [chapter]

Hirotaka Yoshida, Alex Biryukov
2006 Lecture Notes in Computer Science  
SHA-256 is a cryptographic hash function which was proposed in 2000 as a new generation of SHA functions and was adopted as FIPS standard in 2002. In this paper we will consider a SHA-256 variant and a SHACAL-2 variant in which every arithmetic addition is replaced by XOR operation. We call the SHA-256 variant SHA-2-XOR and the SHACAL-2 variant SHACAL-2-XOR respectively. We will present a differential attack on these constructions by using one-round iterative differential characteristics with
more » ... obability 2 −8 we identified. Our result shows that SHACAL-2-XOR with up to 31 rounds out of 64 has a weakness of randomness and that SHA-2-XOR with up to 34 rounds has a weakness of pseudo-collision resistance. Using the 31-round distinguisher, we present an attack on SHACAL-2-XOR with up to 32 rounds. We also show that no 2-round iterative patterns with probability higher than 2 −16 exist.
doi:10.1007/11693383_17 fatcat:xsk2ewabnze3tawkzeixvofg34