Preimages for Step-Reduced SHA-2

  • Conference paper
  • pp 578–597

Advances in Cryptology – ASIACRYPT 2009 (ASIACRYPT 2009)

Authors: Kazumaro Aoki, Jian Guo, Krystian Matusiewicz, Yu Sasaki and Lei Wang

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5912)

Included in the following conference series:

  • International Conference on the Theory and Application of Cryptology and Information Security

Metrics: 5569 accesses, 79 citations, 6 Altmetric

Abstract

In this paper, we present preimage attacks on up to 43-step SHA-256 (around 67% of the total 64 steps) and 46-step SHA-512 (around 57.5% of the total 80 steps), which significantly increases the number of attacked steps compared to the best previously published preimage attack working for 24 steps. The time complexities are 2^251.9 and 2^509 compression function operations for finding pseudo-preimages, and 2^254.9 and 2^511.5 compression function operations for full preimages. The memory requirements are modest, around 2^6 words for 43-step SHA-256 and 46-step SHA-512. The pseudo-preimage attack also applies to 43-step SHA-224 and SHA-384. Our attack is a meet-in-the-middle attack that uses a range of novel techniques to split the function into two independent parts that can be computed separately and then matched in a birthday-style phase.



Author information

Authors and Affiliations

  1. NTT Information Sharing Platform Laboratories, NTT Corporation, 3-9-11 Midori-cho, Musashino-shi, Tokyo, 180-8585, Japan

    Kazumaro Aoki & Yu Sasaki

  2. Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

    Jian Guo

  3. Department of Mathematics, Technical University of Denmark, Denmark

    Krystian Matusiewicz

  4. University of Electro-Communications, 1-5-1 Choufugaoka, Choufu-shi, Tokyo, 182-8585, Japan

    Yu Sasaki & Lei Wang


Editor information

Editors and Affiliations

  1. Information Technology R&D Center, Mitsubishi Electric Corporation, 247-8501, Kamakura, Kanagawa, Japan

    Mitsuru Matsui


Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L. (2009). Preimages for Step-Reduced SHA-2. In: Matsui, M. (ed.) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10366-7_34

  • DOI: https://doi.org/10.1007/978-3-642-10366-7_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10365-0

  • Online ISBN: 978-3-642-10366-7

  • eBook Packages: Computer Science (R0)

Keywords

  • SHA-256
  • SHA-512
  • hash
  • preimage attack
  • meet-in-the-middle
