Second-Order Differential Collisions for Reduced SHA-256

Alex Biryukov, Mario Lamberger, Florian Mendel, Ivica Nikolic

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

In this work, we introduce a new non-random property for hash/compression functions using the theory of higher order differentials. Based on this, we show a second-order differential collision for the compression function of SHA-256 reduced to 47 out of 64 steps with practical complexity. We have implemented the attack and provide an example. Our results suggest that the security margin of SHA-256 is much lower than the security margin of most of the SHA-3 finalists in this setting. The techniques employed in this attack are based on a rectangle/boomerang approach and cover advanced search algorithms for good characteristics and message modification techniques. Our analysis also exposes flaws in all of the previously published related-key rectangle attacks on the SHACAL-2 block cipher, which is based on SHA-256. We provide valid rectangles for 48 steps of SHACAL-2
Original languageEnglish
Title of host publicationAdvances in Cryptology - ASIACRYPT 2011
EditorsDong Hoon Lee, Xiaoyun Wang
PublisherSpringer
Pages270-287
ISBN (Print)978-3-642-25384-3
DOIs
Publication statusPublished - 2011
Event17th International Conference on the Theory and Application of Cryptology and Information Security: ASIACRYPT 2011 - Seoul, Korea, Republic of
Duration: 4 Dec 20118 Dec 2011

Publication series

NameLecture Notes in Computer Science
Volume7073

Conference

Conference17th International Conference on the Theory and Application of Cryptology and Information Security
Abbreviated titleASIACRYPT 2011
Country/TerritoryKorea, Republic of
CitySeoul
Period4/12/118/12/11

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Dive into the research topics of 'Second-Order Differential Collisions for Reduced SHA-256'. Together they form a unique fingerprint.

Cite this