Cryptology ePrint Archive: Report 2004/325
Complexity of the Collision and Near-Collision Attack on SHA-0 with Different Message Schedules
Mitsuhiro HATTORI and Shoichi HIROSE and Susumu YOSHIDA
Abstract: SHA-0 employs a primitive polynomnial of degree 16 over GF(2) in its message schedule. There are 2048 primitive polynomials of degree 16 over GF(2). For each primitive polynomial, a SHA-0 variant can be constructed. In this paper, the security of 2048 variants is analyzed against the Chabaud-Joux attack proposed in CRYPTO'98. The analysis shows that all the variants could be collision-attacked by using near-collisions as a tool and thus the replacement of the primitive polynomial is not a proper way to make SHA-0 secure. However, it is shown that the selection of the variants highly affects the complexity of the attack. Furthermore, a collision in the most vulnerable variant is presented. It is obtained by the original Chabaud-Joux attack without any improvements.
Category / Keywords: foundations / hash functions, SHA-0, collision attack, near-collision attack
Date: received 26 Nov 2004, last revised 14 Feb 2005
Contact author: hattori at hanase kuee kyoto-u ac jp
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Note: The result of the near-collision attack (Table 6) is corrected.
Version: 20050214:075857 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]