Cryptology ePrint Archive: Report 2008/130
Analysis of Step-Reduced SHA-256
Florian Mendel and Norbert Pramstaller and Christian Rechberger and Vincent Rijmen
Abstract: This is the first article analyzing the security of SHA-256 against fast collision search which considers the recent attacks by Wang et al. We show the limits of applying techniques known so far to SHA-256. Next we introduce a new type of perturbation vector which circumvents the identified limits. This new technique is then applied to the unmodified SHA-256. Exploiting the combination of Boolean functions and modular
addition together with the newly developed technique allows us to derive collision-producing characteristics for step-reduced SHA-256, which was not possible before. Although our results do not threaten the security of SHA-256, we show that the low probability of a single local collision may give rise to a false sense of security.
Category / Keywords:
Publication Info: Fast Software Encryption (FSE) 2006. pp 126-143
Date: received 23 Mar 2008, last revised 24 Mar 2008
Contact author: christian rechberger at iaik tugraz at
Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Note: In Appendix C, this version gives the correct (shifted) characteristic. In Appendix D, this version corrects a 32-bit word in Table 10, and adapts some terms to a more standard nomenclature. Thanks to Somitra Kumar Sanadhyaand and Hongbo Yu for helping us to spot those errors.
Version: 20080325:122235 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]