Cryptology ePrint Archive: Report 2004/325

Complexity of the Collision and Near-Collision Attack on SHA-0 with Different Message Schedules

Mitsuhiro HATTORI and Shoichi HIROSE and Susumu YOSHIDA

Abstract: SHA-0 employs a primitive polynomnial of degree 16 over GF(2) in its message schedule. There are 2048 primitive polynomials of degree 16 over GF(2). For each primitive polynomial, a SHA-0 variant can be constructed. In this paper, the security of 2048 variants is analyzed against the Chabaud-Joux attack proposed in CRYPTO'98. The analysis shows that all the variants could be collision-attacked by using near-collisions as a tool and thus the replacement of the primitive polynomial is not a proper way to make SHA-0 secure. However, it is shown that the selection of the variants highly affects the complexity of the attack. Furthermore, a collision in the most vulnerable variant is presented. It is obtained by the original Chabaud-Joux attack without any improvements.

Category / Keywords: foundations / hash functions, SHA-0, collision attack, near-collision attack

Date: received 26 Nov 2004, last revised 14 Feb 2005

Contact author: hattori at hanase kuee kyoto-u ac jp

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: The result of the near-collision attack (Table 6) is corrected.

Version: 20050214:075857 (All versions of this report)

Discussion forum: Show discussion | Start new discussion