In this work, we introduce a new non-random property for hash/compression functions using the theory of higher order differentials. Based on this, we show a second-order differential collision for the compression function of SHA-256 reduced to 47 out of 64 steps with practical complexity. We have implemented the attack and provide an example. Our results suggest that the security margin of SHA-256 is much lower than the security margin of most of the SHA-3 finalists in this setting. The techniques employed in this attack are based on a rectangle/boomerang approach and cover advanced search algorithms for good characteristics and message modification techniques. Our analysis also exposes flaws in all of the previously published related-key rectangle attacks on the SHACAL-2 block cipher, which is based on SHA-256. We provide valid rectangles for 48 steps of SHACAL-2.
Disciplines :
Computer science
Identifiers :
UNILU:UL-CONFERENCE-2012-037
Author, co-author :
Biryukov, Alex ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Lamberger, Mario; Graz University of Technology, Austria
Mendel, Florian; Graz University of Technology, Austria
Nikolic, Ivica ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
yes
Language :
English
Title :
Second-Order Differential Collisions for Reduced SHA-256.
Publication date :
2011
Event name :
ASIACRYPT'2011
Event place :
Seoul, South Korea
Event date :
December 4-8, 2011
Main work title :
17th International Conference on the Theory and Application of Cryptology and Information Security