Paper 2005/247

A Simple and Provably Good Code for SHA Message Expansion

Charanjit S. Jutla and Anindya C. Patthak

Abstract

We develop a new computer-assisted technique for lower bounding the minimum distance of linear codes similar to those used in SHA-1 message expansion. Using this technique, we prove that a modified SHA-1-like code has minimum distance at least 82, and this already within just the last 64 of the 80 expanded words. Further, the minimum weight in the last 60 words is at least 75, and in the last 48 words at least 52. We propose a new compression function which is identical to SHA-1 except for the modified message expansion code. We argue that the high minimum weight of the message expansion code makes the new compression function resistant to recent differential attacks.
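The quantity the abstract bounds is the Hamming weight of an expanded XOR difference restricted to the last 64 (or 60, or 48) of the 80 expanded words. The following is an added example, not code from the paper: it implements the standard SHA-1 message expansion (not the authors' modified code, which the abstract does not specify), checks that the expansion is linear over GF(2) so that expanding a difference equals the difference of the expansions, and reports the weight of an expanded difference over those three windows for a constructed single-bit message difference.

```python
# Added example: standard SHA-1 message expansion viewed as a GF(2)-linear
# code, and the Hamming weight of an expanded difference over the last
# 64 / 60 / 48 words, the windows the abstract's bounds refer to.
MASK = 0xFFFFFFFF


def rotl1(x):
    """Rotate a 32-bit word left by one bit."""
    return ((x << 1) | (x >> 31)) & MASK


def sha1_expand(words):
    """Standard SHA-1 expansion (FIPS 180): 16 message words -> 80 words.
    W[t] = ROTL1(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]) for 16 <= t < 80."""
    if len(words) != 16:
        raise ValueError("expected 16 32-bit words")
    w = list(words)
    for t in range(16, 80):
        w.append(rotl1(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]))
    return w


def hamming_weight(words, last=None):
    """Number of 1 bits in the whole list, or only in its last `last` words."""
    tail = words if last is None else words[-last:]
    return sum(bin(x).count("1") for x in tail)


def expanded_difference_weights(delta):
    """`delta` is the XOR difference (16 words) between two message blocks.
    The expansion uses only XOR and rotation, so it is linear over GF(2) and
    the expansion of the difference is the difference of the expansions.
    Returns the weight over the last 64, 60 and 48 expanded words."""
    e = sha1_expand(delta)
    return {k: hamming_weight(e, k) for k in (64, 60, 48)}


def is_linear(m1, m2):
    """Sanity check of GF(2)-linearity: E(m1) ^ E(m2) == E(m1 ^ m2)."""
    lhs = [a ^ b for a, b in zip(sha1_expand(m1), sha1_expand(m2))]
    rhs = sha1_expand([a ^ b for a, b in zip(m1, m2)])
    return lhs == rhs


if __name__ == "__main__":
    # Constructed sample input: a single-bit difference in message word 15.
    delta = [0] * 15 + [0x80000000]
    print(expanded_difference_weights(delta))
```

A low weight in these windows for some input difference is exactly what the paper's modified code is designed to rule out; with the standard expansion, single-bit differences like the sample stay sparse for many steps.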

Metadata
Available format(s)
PDF PS
Publication info
Published elsewhere. Unknown where it was published
Keywords
Hash Functions, Differential Cryptanalysis, Codes, minimum distance
Contact author(s)
csjutla @ us ibm com
History
2005-08-05: last of 4 revisions
2005-07-30: received
Short URL
https://ia.cr/2005/247
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/247,
      author = {Charanjit S. Jutla and Anindya C. Patthak},
      title = {A Simple and Provably Good Code for SHA Message Expansion},
      howpublished = {Cryptology ePrint Archive, Paper 2005/247},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/247}},
      url = {https://eprint.iacr.org/2005/247}
}