[Cryptography] Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512 -

Robert Hettinga hettinga at gmail.com
Mon Dec 16 21:12:43 EST 2013


http://www.scholr.ly/paper/2078146/preimage-attacks-on-41-step-sha-256-and-46-step-sha-512

Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512

Abstract

Abstract. In this paper, we propose preimage attacks on 41-step SHA-256 and 46-step SHA-512, which drastically increase the number of attacked steps compared to the best previous preimage attack working for only 24 steps. The time complexity for 41-step SHA-256 is 2 253.5 compression function operations and the memory requirement is 2 16 × 10 words. The time complexity for 46-step SHA-512 is 2 511.5 compression function operations and the memory requirement is 2 3 × 10 words. Our attack is a meet-in-the-middle attack. We first consider the application of previous meet-in-the-middle attack techniques to SHA-2. We then analyze the message expansion of SHA-2 by considering all previous techniques to find a new independent message-word partition. We first explain the attack on 40-step SHA-256 whose complexity is 2 249 to describe the ideas. We then explain how to extend the attack. 1




More information about the cryptography mailing list