Paper 2008/003

On Collisions of Hash Functions Turbo SHA-2

Vlastimil Klima

Abstract

In this paper we do not examine the security of Turbo SHA-2 completely; we only show new collision attacks on it, with lower complexity than was considered by the Turbo SHA-2 authors. In [1] they consider Turbo SHA-224/256-r and Turbo SHA-384/512-r with a variable number of rounds r from 1 to 8. The authors of [1] show a collision attack on Turbo SHA-256-1 with one round, which has a complexity of 2^64. For other r from 2 to 8 they do not find a better attack than one with a complexity of 2^128. Similarly, for Turbo SHA-512 they find only a collision attack on Turbo SHA-512-1 with one round, which has a complexity of 2^128. For r from 2 to 8 they do not find a better attack than one with a complexity of 2^256. In this paper we show a collision attack on SHA-256-r for r = 1, 2, ..., 8 with a complexity of 2^{16*r}. We also show a collision attack on Turbo SHA-512-r for r = 1, 2, ..., 8 with a complexity of 2^{32*r}. It follows that the only remaining candidate from the Turbo SHA hash family is Turbo SHA-256 (and Turbo SHA-512) with 8 rounds. The original security reserve of 6 rounds has been lost.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Turbo SHA-2, collision attack
Contact author(s)
v klima @ volny cz
History
2008-01-03: received
Short URL
https://ia.cr/2008/003
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/003,
      author = {Vlastimil Klima},
      title = {On Collisions of Hash Functions Turbo {SHA}-2},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/003},
      year = {2008},
      url = {https://eprint.iacr.org/2008/003}
}