Paper 2009/184

Cryptanalysis of Dynamic SHA(2)

Jean-Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, and Bart Preneel

Abstract

In this paper, we analyze the hash functions Dynamic SHA and Dynamic SHA2, which have been selected as first round candidates in the NIST hash function competition. These hash functions rely heavily on data-dependent rotations, similar to certain block ciphers, e.g., RC5. Our analysis suggests that in the case of hash functions, where the attacker has more control over the rotations, this approach is less favorable than in block ciphers. We present practical, or close to practical, collision attacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present a preimage attack on Dynamic SHA that is faster than exhaustive search.

Note: Typo fixed in one equation.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Accepted to SAC 2009
Keywords
hash functionspreimagecollisionSHA-3
Contact author(s)
jeanphilippe aumasson @ gmail com
History
2009-08-27: last of 5 revisions
2009-05-02: received
See all versions
Short URL
https://ia.cr/2009/184
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/184,
      author = {Jean-Philippe Aumasson and Orr Dunkelman and Sebastiaan Indesteege and Bart Preneel},
      title = {Cryptanalysis of Dynamic {SHA}(2)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/184},
      year = {2009},
      url = {https://eprint.iacr.org/2009/184}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.