# Classification and generation of disturbance vectors for collision attacks against SHA-1

@article{Manuel2008ClassificationAG, title={Classification and generation of disturbance vectors for collision attacks against SHA-1}, author={St{\'e}phane Manuel}, journal={Designs, Codes and Cryptography}, year={2008}, volume={59}, pages={247-263} }

The main contribution of this paper is to provide a classification of disturbance vectors used in differential collision attacks against $${\tt{SHA}-1}$$ . We show that all published disturbance vectors can be classified into two types of vectors, type-I and type-II. We present a deterministic algorithm which produce efficient disturbance vectors with respect to any given cost function. We define two simple cost functions to evaluate the efficiency of a candidate disturbance vector. Using our…

## 88 Citations

### Classification of disturbance vectors for collision attack in SHA-1

- EngineeringScience China Information Sciences
- 2015

It is proved that there are only two types of the optimal disturbance vectors, type-I and type-II, which have minimum weight of 25 in the last 60 of the 80 expanded words, in the total 2512 disturbance vectors searching space.

### New strategy for searching disturbance vector of SHA-1 collision attack

- MathematicsScience China Information Sciences
- 2016

Dear editor, We present a new algorithm to search for effective disturbance vectors with a complexity of 2 based on the following two properties of disturbance vectors. One property is the weight…

### New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis

- Computer Science, MathematicsEUROCRYPT
- 2013

Novel techniques are introduced that enable us to determine the theoretical maximum success probability for a given set of (dependent) local colli- sions, as well as the smallest set of message conditions that attains this probability.

### Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions

- Computer Science, MathematicsUSENIX Security Symposium
- 2017

This paper presents a significant performance improvement for collision detection based on the new concept of unavoidable conditions, and provides a formal model for unavoidable conditions for collision attacks on MD5-like compression functions.

### Improving SHA-1 counter-cryptanalysis using unavoidable conditions

- Computer Science, Mathematics
- 2015

A significant performance improvement for collision detection based on the new concept of unavoidable conditions is presented and the improved SHA-1 collision detection is implemented, which is about 16 times faster than without without the unavoidable condition improvements.

### Practical Free-Start Collision Attacks on 76-step SHA-1

- Computer Science, MathematicsCRYPTO
- 2015

This work exploits the additional freedom provided by this model by using a new start-from-the-middle approach in combination with improvements on the cryptanalysis tools that have been developed for SHA-1 in the recent years, which results in particular in better differential paths than the ones used for hash function collisions so far.

### Matrix Representation of Conditions for the Collision Attack of SHA-1 and Its Application to the Message Modification

- Computer ScienceIWSEC
- 2010

This paper proposes a matrix representation of Chaining Variable Condition (CVC) and Message Condition (MC) and applies this to an algorithm for constructing the Message Modification procedure in order to reduce the complexity for the collision attack of SHA-1.

### Mitigation and Improving SHA-1 Standard Using Collision Detection Approach

- Computer Science2018 International Conference on Frontiers of Information Technology (FIT)
- 2018

A collision detection methodology and an improved version of Secure Hash Algorithm (SHA-1) standard are introduced to protect weak primitives from any possible collision attack.

### Freestart Collision for Full SHA-1

- Computer Science, MathematicsEUROCRYPT
- 2015

This is the first practical break of the full SHA-1, reaching all 80 out of 80 steps, and it further shows how GPUs can be used very efficiently for this kind of attack.

### Analysis of Differential Attacks in ARX Constructions

- Computer Science, MathematicsASIACRYPT
- 2012

New multi-bit constraints to describe differential characteristics in ARX designs more accurately, and quartet constraints to analyze boomerang attacks, and how to propagate those constraints are described.

## References

SHOWING 1-10 OF 20 REFERENCES

### Collisions on SHA-0 in One Hour

- Computer Science, MathematicsFSE
- 2008

This paper shows that the previous perturbation vectors used in all known attacks are not optimal and provides a new 2-block one and is able to produce the best collision attack against SHA-0 so far, with a measured complexity of 233,6hash function calls.

### Finding Good Differential Patterns for Attacks on SHA-1

- Computer Science, MathematicsWCC
- 2004

It is shown that the problems of finding optimal differential patterns for SHA-1 is equivalent to the problem of finding minimal weight codeword in a large linear code.

### Finding SHA-1 Characteristics: General Results and Applications

- MathematicsASIACRYPT
- 2006

A method to search for characteristics in an automatic way for multi-block attacks, and as a proof of concept, gives a two-block collision for 64-step SHA-1 based on a new characteristic.

### On Authentication with HMAC and Non-random Properties

- Computer Science, MathematicsFinancial Cryptography
- 2006

A new method to recover both the inner- and the outer key used in HMAC when instantiated with a concrete hash function by observing text/MAC pairs is presented, using the first theoretical full key recovery attack on NMAC-MD5.

### New Results on NMAC/HMAC when Instantiated with Popular Hash Functions

- Computer Science, MathematicsJ. Univers. Comput. Sci.
- 2008

A new method to recover both the inner and the outer key used in HMAC when instantiated with a concrete hash function by observing text/MAC pairs is presented, and the first theoretical full key recovery attack on NMAC-MD5 is presented.

### Hash Functions and the (Amplified) Boomerang Attack

- Computer Science, MathematicsCRYPTO
- 2007

It is shown that using this boomerang attack as a neutral bits tool, it becomes possible to lower the complexity of the attacks on SHA-1.

### Improved Collision Search for SHA-0

- Computer Science, MathematicsASIACRYPT
- 2006

This paper gives sufficient conditions for the steps from step 21, and proposes submarine modification as the message modification technique that will ensure satisfaction of the sufficient conditions from steps 21 to 24, an extension of the multi-message modification used in collision attacks on the MD-family.

### Exploiting Coding Theory for Collision Attacks on SHA-1

- Computer Science, MathematicsIMACC
- 2005

It is shown that coding theory can be exploited efficiently for the cryptanalysis of hash functions and the complexity for a collision attack on the full SHA-1 is conjecture.

### Differential Collisions in SHA-0

- Computer Science, MathematicsCRYPTO
- 1998

A theoretical attack on the compression function SHA-O with complexity 2 61 is obtained, which is thus better than the birthday paradox attack and is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.

### Collisions of SHA-0 and Reduced SHA-1

- Computer Science, MathematicsEUROCRYPT
- 2005

Improvements to the techniques used to cryptanalyze SHA-0 are described and improvements that allow us to find collisions of reduced versions of SHA-1 are presented, that show that collisions up to about 53–58 rounds can still be found faster than by birthday attacks.