Paper 2021/292

Quantum Collision Attacks on Reduced SHA-256 and SHA-512

Akinori Hosoyamada and Yu Sasaki

Abstract

In this paper, we study dedicated quantum collision attacks on SHA-256 and SHA-512 for the first time. The attacks reach 38 and 39 steps, respectively, which significantly improve the classical attacks for 31 and 27 steps. Both attacks adopt the framework of the previous work that converts many semi-free-start collisions into a 2-block collision, and are faster than the generic attack in the cost metric of time-space tradeoff. We observe that the number of required semi-free-start collisions can be reduced in the quantum setting, which allows us to convert the previous classical 38 and 39 step semi-free-start collisions into a collision. The idea behind our attacks is simple and will also be applicable to other cryptographic hash functions.

Note: Minor revision. Some errors in Section 7 are corrected. Complexity analysis is slightly changed.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2021
Keywords
hash functionSHA-256SHA-512collision attackquantum attackconversion from semi-free-start collisions
Contact author(s)
akinori hosoyamada bh @ hco ntt co jp
History
2021-06-25: revised
2021-03-07: received
See all versions
Short URL
https://ia.cr/2021/292
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/292,
      author = {Akinori Hosoyamada and Yu Sasaki},
      title = {Quantum Collision Attacks on Reduced {SHA}-256 and {SHA}-512},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/292},
      year = {2021},
      url = {https://eprint.iacr.org/2021/292}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.