• Corpus ID: 18704276

Notes on the Wang et al. 263 SHA-1 Differential Path

  title={Notes on the Wang et al. 263 SHA-1 Differential Path},
  author={Martin Cochran},
  journal={IACR Cryptol. ePrint Arch.},
  • Martin Cochran
  • Published 2007
  • Mathematics, Computer Science
  • IACR Cryptol. ePrint Arch.
Although advances in SHA-1 cryptanalysis have been made since the 2005 announcement of a 263 attack by Wang et al., the details of the attack have not yet been vetted; this note does just that. Working from Adi Shamir’s 2005 CRYPTO rump session presentation of Wang et al.’s work, this note corroborates and presents the differential path and associated conditions for the two-block attack. Although the error analysis for the advanced condition correction technique is not verified, a method is… 

Figures and Tables from this paper

New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis
Novel techniques are introduced that enable us to determine the theoretical maximum success probability for a given set of (dependent) local colli- sions, as well as the smallest set of message conditions that attains this probability.
Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions
This paper presents a significant performance improvement for collision detection based on the new concept of unavoidable conditions, and provides a formal model for unavoidable conditions for collision attacks on MD5-like compression functions.
Another look at HMAC
A separation result is proved between two versions of HMAC, the former being the real-world version standardized by Bellare et al. in 1997 and the latter being the version described in Bellare's proof of security in his Crypto 2006 paper.
MD5 and SHA-1 Collision Attacks: A Tutorial
In this tutorial, collision attacks for MD5 and SHA-1 will be presented and analyzed and the implications of these attacks on the development of future hash functions will be discussed.
Crack me if you can: hardware acceleration bridging the gap between practical and theoretical cryptanalysis?: a Survey
This survey is divided into three parts, cryptanalytic attacks designed with specific implementation requirements, previous crypt Analytic machines and quantum computers, the technology that promises to change how the authors think about cryptography and cryptanalysis.
Differential Path for SHA-1 with complexity O(252)
Using some new approaches to differential analysis, this work was able to find a new differential path which can be used in a collision attack with complexity of O(2), currently the lowest complexity attack on SHA-1.
An evaluation of the effects of broken cryptographic primitives on Bitcoin
It is concluded that solving the effects of broken cryptographic primitives on the operation of the Bitcoin network and the changes to the Bitcoin protocol that will be necessary in response requires some degree of centralization, or the use of Zero-Knowledge Proofs along or on top of Bitcoin.
Memoryless Unbalanced Meet-in-the-Middle Attacks: Impossible Results and Applications
  • Yu Sasaki
  • Computer Science, Mathematics
  • 2014
An impossibility is shown of the memoryless unbalanced MitM attack without significantly increasing the computational cost, which can be used to generate multi-collisions of hash functions by using a dedicated collision attack algorithm.
A Cryptanalysis of IOTA ’ s Curl Hash Function
It is concluded that Curl is not a secure cryptographic hash function and should be removed from use.
Attacks on and Advances in Secure Hash Algorithms
An analysis of serial and parallel implementations of these algorithms, both in hardware and in software, including an analysis of the performance and the level of protection offered against attacks on the algorithms are presented.


Algebraic Cryptanalysis of 58-Round SHA-1
The aim of this article is to sophisticate and improve Wang's attack by using algebraic techniques and introduce new notions, namely semi-neutral bit and adjuster and propose then an improved message modification technique based ongebraic techniques.
Hash Functions and the (Amplified) Boomerang Attack
It is shown that using this boomerang attack as a neutral bits tool, it becomes possible to lower the complexity of the attacks on SHA-1.
Differential Collisions in SHA-0
A theoretical attack on the compression function SHA-O with complexity 2 61 is obtained, which is thus better than the birthday paradox attack and is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.
Collisions of SHA-0 and Reduced SHA-1
Improvements to the techniques used to cryptanalyze SHA-0 are described and improvements that allow us to find collisions of reduced versions of SHA-1 are presented, that show that collisions up to about 53–58 rounds can still be found faster than by birthday attacks.
Advances in Cryptology – CRYPTO 2004
  • M. Franklin
  • Computer Science, Mathematics
    Lecture Notes in Computer Science
  • 2004
A formal statistical framework for block cipher attacks based on this technique is developed and explicit and compact gain formulas for generalized versions of Matsui’s Algorithm 1 and Algorithm 2 are derived.
The Boomerang Attack
  • D. Wagner
  • Computer Science, Mathematics
  • 1999
This paper disprove the of t-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks, and shows how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable securityagainst differential attacks.
A Study of the MD5 Attacks: Insights and Improvements
A study of all attacks on MD5 starting from Wang, which explains the techniques used by her team, insights on how to improve these techniques, and uses these insights to produce an even faster attack onMD5.
Advances in Cryptology
The undecidable word problem for groups and semlgroups is investigated as a basis for a public-key cryptosystem, and the type of cryptos System shown is randomized, with infinitely many ciphertexts corresponding t o each plaintext.
How to Break MD5 and Other Hash Functions
A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.
Update on SHA-1
It is shown that for a reduced version of SHA-1, with 53 rounds instead of 80, it is possible to find collisions in less than 280 operations.