# Notes on the Wang et al. 2^63 SHA-1 Differential Path

@article{Cochran2007NotesOT, title={Notes on the Wang et al. $2^{63}$ SHA-1 Differential Path}, author={Martin Cochran}, journal={IACR Cryptol. ePrint Arch.}, year={2007}, volume={2007}, pages={474} }

Although advances in SHA-1 cryptanalysis have been made since the 2005 announcement of a 2^63 attack by Wang et al., the details of the attack have not yet been vetted; this note does just that. Working from Adi Shamir's 2005 CRYPTO rump session presentation of Wang et al.'s work, this note corroborates and presents the differential path and associated conditions for the two-block attack. Although the error analysis for the advanced condition correction technique is not verified, a method is…

## 20 Citations

New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis

- Computer Science, Mathematics; EUROCRYPT
- 2013

Novel techniques are introduced that enable us to determine the theoretical maximum success probability for a given set of (dependent) local collisions, as well as the smallest set of message conditions that attains this probability.

Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions

- Computer Science, Mathematics; USENIX Security Symposium
- 2017

This paper presents a significant performance improvement for collision detection based on the new concept of unavoidable conditions, and provides a formal model for unavoidable conditions for collision attacks on MD5-like compression functions.

Another look at HMAC

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2012

A separation result is proved between two versions of HMAC, the former being the real-world version standardized by Bellare et al. in 1997 and the latter being the version described in Bellare's proof of security in his Crypto 2006 paper.

MD5 and SHA-1 Collision Attacks: A Tutorial

- Computer Science, Mathematics
- 2008

In this tutorial, collision attacks for MD5 and SHA-1 will be presented and analyzed and the implications of these attacks on the development of future hash functions will be discussed.

Crack me if you can: hardware acceleration bridging the gap between practical and theoretical cryptanalysis?: a Survey

- Computer Science, Mathematics; SAMOS
- 2018

This survey is divided into three parts: cryptanalytic attacks designed with specific implementation requirements, previous cryptanalytic machines, and quantum computers, the technology that promises to change how the authors think about cryptography and cryptanalysis.

Differential Path for SHA-1 with complexity O(2^52)

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2009

Using some new approaches to differential analysis, this work was able to find a new differential path which can be used in a collision attack with complexity of O(2^52), currently the lowest complexity attack on SHA-1.

An evaluation of the effects of broken cryptographic primitives on Bitcoin

- Mathematics, Computer Science
- 2015

It is concluded that solving the effects of broken cryptographic primitives on the operation of the Bitcoin network and the changes to the Bitcoin protocol that will be necessary in response requires some degree of centralization, or the use of Zero-Knowledge Proofs along or on top of Bitcoin.

Memoryless Unbalanced Meet-in-the-Middle Attacks: Impossible Results and Applications

- Computer Science, Mathematics; ACNS
- 2014

An impossibility is shown of the memoryless unbalanced MitM attack without significantly increasing the computational cost, which can be used to generate multi-collisions of hash functions by using a dedicated collision attack algorithm.

A Cryptanalysis of IOTA's Curl Hash Function

- Computer Science, Mathematics
- 2018

It is concluded that Curl is not a secure cryptographic hash function and should be removed from use.

Attacks on and Advances in Secure Hash Algorithms

- Computer Science, Mathematics
- 2016

An analysis of serial and parallel implementations of these algorithms, both in hardware and in software, including an analysis of the performance and the level of protection offered against attacks on the algorithms are presented.

## References


Algebraic Cryptanalysis of 58-Round SHA-1

- Computer Science, Mathematics; FSE
- 2007

The aim of this article is to sophisticate and improve Wang's attack by using algebraic techniques. It introduces new notions, namely the semi-neutral bit and the adjuster, and then proposes an improved message modification technique based on algebraic techniques.

Hash Functions and the (Amplified) Boomerang Attack

- Computer Science, Mathematics; CRYPTO
- 2007

It is shown that using this boomerang attack as a neutral bits tool, it becomes possible to lower the complexity of the attacks on SHA-1.

Differential Collisions in SHA-0

- Computer Science, Mathematics; CRYPTO
- 1998

A theoretical attack on the compression function of SHA-0 with complexity 2^61 is obtained, which is thus better than the birthday paradox attack and is strong evidence that the transition to version 1 indeed raised the level of security of SHA.

Collisions of SHA-0 and Reduced SHA-1

- Computer Science, Mathematics; EUROCRYPT
- 2005

Improvements to the techniques used to cryptanalyze SHA-0 are described and improvements that allow us to find collisions of reduced versions of SHA-1 are presented, that show that collisions up to about 53–58 rounds can still be found faster than by birthday attacks.

Advances in Cryptology – CRYPTO 2004

- Computer Science, Mathematics; Lecture Notes in Computer Science
- 2004

A formal statistical framework for block cipher attacks based on this technique is developed and explicit and compact gain formulas for generalized versions of Matsui’s Algorithm 1 and Algorithm 2 are derived.

The Boomerang Attack

- Computer Science, Mathematics; FSE
- 1999

This paper disproves the oft-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks, and shows how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks.

A Study of the MD5 Attacks: Insights and Improvements

- Computer Science; FSE
- 2006

A study of all attacks on MD5 starting from Wang, which explains the techniques used by her team, gives insights on how to improve these techniques, and uses these insights to produce an even faster attack on MD5.

Advances in Cryptology

- Computer Science, Mathematics; Lecture Notes in Computer Science
- 2000

The undecidable word problem for groups and semigroups is investigated as a basis for a public-key cryptosystem, and the type of cryptosystem shown is randomized, with infinitely many ciphertexts corresponding to each plaintext.

How to Break MD5 and Other Hash Functions

- Computer Science, Mathematics; EUROCRYPT
- 2005

A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.

Update on SHA-1

- Computer Science, Mathematics; CT-RSA
- 2005

It is shown that for a reduced version of SHA-1, with 53 rounds instead of 80, it is possible to find collisions in less than 2^80 operations.