From Collisions to Chosen-Prefix Collisions - Application to Full SHA-1

@article{Leurent2019FromCT,
  title={From Collisions to Chosen-Prefix Collisions - Application to Full SHA-1},
  author={Ga{\"e}tan Leurent and Thomas Peyrin},
  journal={IACR Cryptol. ePrint Arch.},
  year={2019},
  volume={2019},
  pages={459}
}
A chosen-prefix collision attack is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes is turned into a collision. Chosen-prefix collisions are usually significantly harder to produce than (identical-prefix) collisions, but the practical impact of such an attack is much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, collision attacks are hard to turn into a break of concrete protocols, because the…
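The distinction the abstract draws is easiest to see on a hash small enough to attack generically. The following is an added example, not code from the paper: a constructed toy Merkle-Damgard hash with a 24-bit chaining value (real SHA-1 has 160 bits), a truncated-SHA-256 compression function standing in for a real one, and the block size, initial value and trial budget chosen arbitrarily. Against it, an identical-prefix collision is a birthday search from one chaining value, while a chosen-prefix collision must bridge the two unrelated chaining values left by two different prefixes; both messages then share all subsequent hash state, so any common suffix (a certificate body, a signed document tail) keeps them colliding.

```python
"""Toy Merkle-Damgard hash illustrating identical-prefix vs chosen-prefix collisions.

Added example, not code from the paper. Every parameter below is a constructed toy
value; the 24-bit state makes a generic birthday search succeed in a few thousand
compression calls. Nothing here is an attack on SHA-1 itself.
"""
import hashlib

BLOCK = 8           # bytes per message block (assumption: toy parameter)
STATE_BYTES = 3     # 24-bit chaining value (assumption: toy parameter)
IV = 0x123456       # arbitrary fixed initial value
MAX_TRIALS = 1 << 20


def compress(state: int, block: bytes) -> int:
    """Toy compression function: truncated SHA-256 of (state || block).
    Its only job is to behave like a random function on a tiny state."""
    assert len(block) == BLOCK
    digest = hashlib.sha256(state.to_bytes(STATE_BYTES, "big") + block).digest()
    return int.from_bytes(digest[:STATE_BYTES], "big")


def absorb(state: int, data: bytes) -> int:
    """Chain the compression function over block-aligned data."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def _pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill to a block boundary, then the
    bit length in its own block (BLOCK == 8, so the length field fills one block)."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return padded + (8 * len(msg)).to_bytes(BLOCK, "big")


def toy_hash(msg: bytes) -> int:
    return absorb(IV, _pad(msg))


def _align(prefix: bytes, length: int = 0) -> bytes:
    """Extend a prefix with attacker-chosen filler to a block boundary, and to a common
    length in the two-prefix case: equal lengths keep the final padding block equal."""
    target = max(len(prefix), length)
    target += -target % BLOCK
    return prefix + b" " * (target - len(prefix))


def identical_prefix_collision(prefix: bytes) -> tuple:
    """Identical-prefix collision: both messages share the SAME prefix and differ in
    one block. Birthday search over single blocks from one chaining value."""
    prefix = _align(prefix)
    state = absorb(IV, prefix)
    seen = {}                                   # compress output -> block producing it
    for i in range(MAX_TRIALS):
        block = i.to_bytes(BLOCK, "big")        # distinct inputs, so a repeat is a real collision
        out = compress(state, block)
        if out in seen:
            return prefix + seen[out], prefix + block
        seen[out] = block
    raise RuntimeError("no collision within trial budget")


def chosen_prefix_collision(p1: bytes, p2: bytes) -> tuple:
    """Chosen-prefix collision: two DIFFERENT, arbitrary prefixes receive suffix blocks
    s1, s2 with H(p1||s1) == H(p2||s2). The search must connect two unrelated chaining
    values; generically that is still a birthday search, but the cryptanalytic version
    (what the paper builds for SHA-1) is far harder than the identical-prefix case."""
    n = max(len(p1), len(p2))
    p1, p2 = _align(p1, n), _align(p2, n)
    s1, s2 = absorb(IV, p1), absorb(IV, p2)
    seen1, seen2 = {}, {}
    for i in range(MAX_TRIALS):
        block = i.to_bytes(BLOCK, "big")
        d1, d2 = compress(s1, block), compress(s2, block)
        if d1 == d2:
            return p1 + block, p2 + block
        if d1 in seen2:
            return p1 + block, p2 + seen2[d1]
        if d2 in seen1:
            return p1 + seen1[d2], p2 + block
        seen1[d1], seen2[d2] = block, block
    raise RuntimeError("no collision within trial budget")


if __name__ == "__main__":
    a, b = chosen_prefix_collision(b"Alice <alice@example.org>", b"Bob <bob@example.org>")
    print(hex(toy_hash(a)), hex(toy_hash(b)), a != b)
```

Once the chaining values meet, `toy_hash(a + tail) == toy_hash(b + tail)` for any `tail`, which is why a single chosen-prefix collision on the identity fields of two certificates or PGP keys can be followed by an identical, shared remainder. The toy does not reproduce the cost gap the abstract describes: with a generic birthday search both cases cost about the square root of the state size, whereas for real SHA-1 the difference lies in how much more expensive the differential-cryptanalysis version of the chosen-prefix search is.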


A Survey of Chosen-Prefix Collision Attacks
  • M.M.J. Stevens
  • Computer Science, Mathematics
    Computational Cryptography
  • 2021
TLDR
This chapter focuses on collision resistance in cryptographic hash functions and surveys the chosen-prefix collision attacks that break it.
SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
TLDR
The first practical implementation of an almost practical chosen-prefix collision attack against SHA-1 is reported, and its impact on real-world security with a PGP/GnuPG impersonation attack proves that SHA-1 signatures now offer virtually no security in practice.
On the Cost of ASIC Hardware Crackers: A SHA-1 Case Study
TLDR
It is shown that an ASIC cluster costing a few million dollars would be able to generate chosen-prefix collisions in a day or even in a minute, which extends the attack surface to TLS and SSH, where the chosen-prefix collision would need to be generated very quickly.
OSHA: A Next Generation One-way Secure Hash Algorithm
TLDR
This work proposes a novel one-way secure hash algorithm, OSHA for short, to protect sensitive data against attackers and replaces the fixed constant with the pseudo-random numbers.
Cache-22: A Highly Deployable End-To-End Encrypted Cache System with Post-Quantum Security
TLDR
Compared to direct HTTPS communication between a service provider and a user, employing the Cache-22 system has a merit to drastically reduce communications between a cache server and the service provider, which is effective in a hierarchical network with a cost disparity.
OSHA: A General-purpose One-way Secure Hash Algorithm
  • Ripon Patgiri
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2021
TLDR
This work proposes a novel one-way secure hash algorithm, OSHA for short, to protect sensitive data against attackers, and replaces the fixed constant with the private keys.
A Fast Prekeying-Based Integrity Protection for Smart Grid Communications
TLDR
The extensive evaluation shows that the method is up to 21 times faster than standard integrity protection algorithms, and can do the message encryption in under 1 ms even on a very low-end microcontroller.
Modern Hash Collision CyberAttacks and Methods of Their Detection and Neutralization
TLDR
It can be concluded that the main advantages of the implemented software tool are effective detection of vulnerable hashes, the ability to generate new hashes protected from collisions, a convenient and user-friendly interface, small memory requirements and a small program code size.
History of Cryptographic Key Sizes
TLDR
This was the first systematic attempt to measure the relative difficulty of different problems and provide some form of scientific guidance on determining key sizes.

References

SHOWING 1-10 OF 30 REFERENCES
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
TLDR
A more flexible family of differential paths and a new variable birthdaying search space are described, leading to just three pairs of near-collision blocks to generate the collision, enabling construction of RSA moduli that are sufficiently short to be accepted by current CAs.
Attacks on Hash Functions and Applications
TLDR
This thesis provides an analysis of the security of the cryptographic hash function standards MD5 and SHA-1, which have been broken since 2004 by so-called identical-prefix collision attacks, and introduces a new, more flexible attack called the chosen-prefix collision attack that allows significantly more control over the two colliding messages.
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of 2^50 calls to the MD5 compression function, for any two…
Collision Attack on 5 Rounds of Grøstl
TLDR
A novel collision attack for up to 5 rounds of the Grostl hash function is described, which significantly improves upon the best previously published results on 3 rounds.
Collisions for 70-Step SHA-1: On the Full Cost of Collision Search
TLDR
This work surveys different techniques for fast collision search in SHA-1 and proposes a simple but effective method to facilitate comparison, and considers a newly developed attack on 70-step SHA-1, giving complexity estimates and performance measurements of this new and improved collision search method.
Practical Free-Start Collision Attacks on 76-step SHA-1
TLDR
This work exploits the additional freedom provided by this model by using a new start-from-the-middle approach in combination with improvements on the cryptanalysis tools that have been developed for SHA-1 in the recent years, which results in particular in better differential paths than the ones used for hash function collisions so far.
Collisions of SHA-0 and Reduced SHA-1
TLDR
Improvements to the techniques used to cryptanalyze SHA-0 are described and improvements that allow us to find collisions of reduced versions of SHA-1 are presented, that show that collisions up to about 53–58 rounds can still be found faster than by birthday attacks.
New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis
TLDR
Novel techniques are introduced that enable us to determine the theoretical maximum success probability for a given set of (dependent) local collisions, as well as the smallest set of message conditions that attains this probability.
Freestart Collision for Full SHA-1
TLDR
This is the first practical break of the full SHA-1, reaching all 80 out of 80 steps, and it further shows how GPUs can be used very efficiently for this kind of attack.
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH
TLDR
A new class of transcript collision attacks on key exchange protocols that rely on efficient collision-finding algorithms on the underlying hash constructions are identified, demonstrating the urgent need for disabling all uses of weak hash functions in mainstream protocols.