[Cryptography] Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512

Phillip Hallam-Baker hallam at gmail.com
Tue Dec 17 08:12:32 EST 2013


On Mon, Dec 16, 2013 at 9:12 PM, Robert Hettinga <hettinga at gmail.com> wrote:

>
>
> http://www.scholr.ly/paper/2078146/preimage-attacks-on-41-step-sha-256-and-46-step-sha-512
>
> Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512
>
> Abstract
>
> Abstract. In this paper, we propose preimage attacks on 41-step SHA-256
> and 46-step SHA-512, which drastically increase the number of attacked
> steps compared to the best previous preimage attack working for only 24
> steps. The time complexity for 41-step SHA-256 is 2^253.5 compression
> function operations and the memory requirement is 2^16 × 10 words. The time
> complexity for 46-step SHA-512 is 2^511.5 compression function operations
> and the memory requirement is 2^3 × 10 words. Our attack is a
> meet-in-the-middle attack. We first consider the application of previous
> meet-in-the-middle attack techniques to SHA-2. We then analyze the message
> expansion of SHA-2 by considering all previous techniques to find a new
> independent message-word partition. We first explain the attack on 40-step
> SHA-256 whose complexity is 2^249 to describe the ideas. We then explain
> how to extend the attack.
>


This is not particularly impressive or worrisome. The attack is on a
reduced-strength version of the algorithm and the time complexity is 2^253.5 for
SHA256.

If this is the best that can be done, we are in good shape.


-- 
Website: http://hallambaker.com/