Cryptology ePrint Archive: Report 2008/142
Attacking Reduced Round SHA-256
Somitra Kumar Sanadhya and Palash Sarkar
Abstract: The SHA-256 hash function has recently started getting attention from the cryptanalysis community
due to the various weaknesses found in its predecessors such as MD4, MD5, SHA-0 and SHA-1. We make
two contributions in this work. First, we describe message modification techniques and use them to obtain an
algorithm to generate message pairs which collide for the actual SHA-256 reduced to 18 steps. Our second
contribution is to present differential paths for 19, 20, 21, 22 and 23 steps of SHA-256. We construct parity
check equations in a novel way to find these characteristics. Further, the 19-step differential path presented here
is constructed by using only 15 local collisions, as against the previously known 19-step near collision differential
path which consists of an interleaving of 23 local collisions. Our 19-step differential path can also be seen as a single
local collision at the message word level. We use a linearized local collision in this work. These results do not
cause any threat to the security of the SHA-256 hash function.
Category / Keywords: Cryptanalysis, SHA-256 Hash function, Reduced round attacks.
Publication Info: A shorter version of this paper will appear in the proceedings of ACNS 2008.
Date: received 31 Mar 2008, last revised 15 May 2008
Contact author: somitra_r at isical ac in
Note: Rectified a typo.
Version: 20080515:114533
Short URL: ia.cr/2008/142