Paper 2014/302
Branching Heuristics in Differential Collision Search with Applications to SHA-512
Maria Eichlseder, Florian Mendel, and Martin Schläffer
Abstract
In this work, we present practical semi-free-start collisions for SHA-512 on up to 38 (out of 80) steps with complexity $2^{40.5}$. The best previously published result was on 24 steps. The attack is based on extending local collisions as proposed by Mendel et al. in their Eurocrypt 2013 attack on SHA-256. However, for SHA-512, the search space is too large for direct application of these techniques. We achieve our result by improving the branching heuristic of the guess-and-determine approach to find differential characteristics and conforming message pairs. Experiments show that for smaller problems like 27 steps of SHA-512, the heuristic can also speed up the collision search by a factor of $2^{20}$.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published by the IACR in FSE 2014
- Keywords
- cryptanalysishash functionsdifferential cryptanalysisSHA-2SHA-512collision attackguess-and-determine
- Contact author(s)
- maria eichlseder @ iaik tugraz at
- History
- 2014-04-30: received
- Short URL
- https://ia.cr/2014/302
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/302, author = {Maria Eichlseder and Florian Mendel and Martin Schläffer}, title = {Branching Heuristics in Differential Collision Search with Applications to SHA-512}, howpublished = {Cryptology ePrint Archive, Paper 2014/302}, year = {2014}, note = {\url{https://eprint.iacr.org/2014/302}}, url = {https://eprint.iacr.org/2014/302} }