Cryptology ePrint Archive: Report 2015/350

Improving Local Collisions: New Attacks on Reduced SHA-256

Florian Mendel and Tomislav Nad and Martin Schläffer

Abstract: In this paper, we focus on the construction of semi-free-start collisions for SHA-256, and show how to turn them into collisions. We present a collision attack on 28 steps of the hash function with practical complexity. Using a two-block approach we are able to turn a semi-free-start collision into a collision for 31 steps with a complexity of at most $2^{65.5}$. The main improvement of our work is to extend the size of the local collisions used in these attacks. To construct differential characteristics and confirming message pairs for longer local collisions, we had to improve the search strategy of our automated search tool. To test the limits of our techniques we present a semi-free-start collision for 38 steps.

Category / Keywords: secret-key cryptography / hash functions, SHA-2, cryptanalysis, collisions, semi-free-start collisions, differential characteristics, automatic search tool

Original Publication (in the same form): IACR-EUROCRYPT-2013

Date: received 20 Apr 2015

Contact author: florian mendel at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20150423:024508 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]