Paper 2008/142

Attacking Reduced Round SHA-256

Somitra Kumar Sanadhya and Palash Sarkar

Abstract

The SHA-256 hash function has recently started receiving attention from the cryptanalysis community due to the various weaknesses found in its predecessors such as MD4, MD5, SHA-0 and SHA-1. We make two contributions in this work. First, we describe message modification techniques and use them to obtain an algorithm to generate message pairs which collide for the actual SHA-256 reduced to 18 steps. Our second contribution is to present differential paths for 19, 20, 21, 22 and 23 steps of SHA-256. We construct parity check equations in a novel way to find these characteristics. Further, the 19-step differential path presented here is constructed using only 15 local collisions, as against the previously known 19-step near collision differential path, which consists of an interleaving of 23 local collisions. Our 19-step differential path can also be seen as a single local collision at the message word level. We use a linearized local collision in this work. These results do not pose any threat to the security of the SHA-256 hash function.

Note: Rectified a typo.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. A shorter version of this paper will appear in the proceedings of ACNS 2008.
Keywords
Cryptanalysis, SHA-256 Hash function, Reduced round attacks.
Contact author(s)
somitra_r @ isical ac in
History
2008-05-15: last of 3 revisions
2008-03-31: received
Short URL
https://ia.cr/2008/142
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/142,
      author = {Somitra Kumar Sanadhya and Palash Sarkar},
      title = {Attacking Reduced Round {SHA}-256},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/142},
      year = {2008},
      url = {https://eprint.iacr.org/2008/142}
}