Cryptology ePrint Archive: Report 2009/184
Cryptanalysis of Dynamic SHA(2)
Jean-Philippe Aumasson and Orr Dunkelman and Sebastiaan Indesteege and Bart Preneel
Abstract: In this paper, we analyze the hash functions Dynamic SHA and Dynamic SHA2, which have been selected as ﬁrst round candidates in the NIST hash function competition. These hash functions rely heavily on data-dependent rotations, similar to certain block ciphers, e.g., RC5. Our analysis suggests that in the case of hash functions, where the
attacker has more control over the rotations, this approach is less favorable than in block ciphers. We present practical, or close to practical, collision attacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present a preimage attack on Dynamic SHA that is faster than exhaustive search.
Category / Keywords: secret-key cryptography / hash functions, preimage, collision, SHA-3
Publication Info: Accepted to SAC 2009
Date: received 28 Apr 2009, last revised 27 Aug 2009
Contact author: jeanphilippe aumasson at gmail com
Available format(s): PDF | BibTeX Citation
Note: Typo fixed in one equation.
Version: 20090827:065451 (All versions of this report)
Short URL: ia.cr/2009/184
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]