Paper 2007/403

Turbo SHA-2

Danilo Gligoroski and Svein Johan Knapskog


In this paper we describe the construction of Turbo SHA-2 family of cryptographic hash functions. They are built with design components from the SHA-2 family, but the new hash function has three times more chaining variables, it is more robust and resistant against generic multi-block collision attacks, its design is resistant against generic length extension attacks and it is 2 - 8 times faster than the original SHA-2. It uses two novel design principles in the design of hash functions: {\em 1. Computations in the iterative part of the compression function start by using variables produced in the message expansion part that have the complexity level of a random Boolean function, 2. Variables produced in the message expansion part are not discarded after the processing of the current message block, but are used for the construction of the three times wider chain for the next message block.} These two novel principles combined with the already robust design principles present in SHA-2 (such as the nonlinear message expansion part), enabled us to build the compression function of Turbo SHA-2 that has just 16 new variables in the message expansion part (compared to 48 for SHA-256 and 64 for SHA-512) and just 8 rounds in the iterative part (compared to 64 for SHA-256 and 80 for SHA-512).

Note: Updates in this version: 1. Comparison with 3CG, 2. Schematic representation of Turbo SHA-2, 3. Correction of some typos 4. Several new references have been added.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Cryptographic hash functionSHA-2Turbo SHA-2
Contact author(s)
Danilo Gligoroski @ q2s ntnu no
2007-10-26: last of 4 revisions
2007-10-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Danilo Gligoroski and Svein Johan Knapskog},
      title = {Turbo {SHA}-2},
      howpublished = {Cryptology ePrint Archive, Paper 2007/403},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.