Cryptology ePrint Archive: Report 2008/003

On Collisions of Hash Functions Turbo SHA-2

Vlastimil Klima

Abstract: In this paper we don't examine security of Turbo SHA-2 completely; we only show new collision attacks on it, with smaller complexity than it was considered by Turbo SHA-2 authors. In [1] they consider Turbo SHA-224/256-r and Turbo SHA-384/512-r with variable number of rounds r from 1 to 8. The authors of [1] show collision attack on Turbo SHA-256-1 with one round which has the complexity of 2^64. For other r from 2 to 8 they don't find better attack than with the complexity of 2^128. Similarly, for Turbo SHA-512 they find only collision attack on Turbo SHA-512-1 with one round which has the complexity of 2^128. For r from 2 to 8 they don't find better attack than with the complexity of 2^256. In this paper we show collision attack on SHA-256-r for r = 1, 2,..., 8 with the complexity of 2^{16*r}. We also show collision attack on Turbo SHA-512-r for r = 1, 2,..., 8 with the complexity of 2^{32*r}. It follows that the only one remaining candidate from the hash family Turbo SHA is Turbo SHA-256 (and Turbo SHA-512) with 8 rounds. The original security reserve of 6 round has been lost.

Category / Keywords: secret-key cryptography / Turbo SHA-2, collision attack

Date: received 1 Jan 2008

Contact author: v klima at volny cz

Available format(s): PDF | BibTeX Citation

Version: 20080103:134312 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]