[Cryptography] SHA-256 challenge

McDair mcdair at protonmail.com
Tue Apr 9 16:55:36 EDT 2024



> On 8 Apr 2024 14:08 +0000, from cryptography at metzdowd.com (McDair via cryptography):
> 
> > > d084a44d89a2ce255743f551c92e018f5ddcc5b98a3adfddd2edd4b109b6b379, not
> > > deb360ae3c1ff7a29f83731b33dcd4bf354a5e80de2dc50370ebf55a14216b85.
> > 
> > I provided a couple of 17-round preimage examples in the first
> > category. They are preimages to the full extend for hash
> > deb360ae3c1ff7a29f83731b33dcd4bf354a5e80de2dc50370ebf55a14216b85,
> > however limited to 17 rounds.
> 
> 
> I frankly have no idea what you actually mean by this, especially the
> "preimages to the full extend for hash <value>". You can't take some
> intermediate internal state and claim that it's a hash value, much
> less go from there to claiming that you have found a way to "decrypt"
> a hash value. I don't see how being able to get the internal state to
> some specific set of values after a small number of rounds by
> constructing a preimage is a particularly useful attack, and we
> already have actual preimage attacks for far larger numbers of rounds
> which so far have not been extended to anywhere near full 64-round
> SHA-256.
> 
> > I have also provided 64-round examples for the second category, they
> > will not yield to the challenge provided using the complete hash
> > function. I provided these examples to show progress wrt being able
> > to move around the 64 block words, which is essential to efficiently
> > finding preimages, and for the people who were genuinely interested
> > in this from the start (yes, there are).
> > 
> > You seem to have redirected the 64-round example under the wrong category?
> > 
> > With respect to the full hash function (17 rounds), you should try
> > and validate the examples in the first category (for which I
> > provided the hex value/bytes of the input message).
> 
> 
> You are the one who wrote "when expanded to the full 64 rounds, the
> method finds 'a' valid input message (so not necessarily the original
> message).", to say nothing of your next paragraph's statement that
> "Finding a preimage (again, not taking into account additional
> validation), even for 64 rounds happens therefore in negligible time.".
> 
> This reasonably implies (also reinforced by the fact that no one else
> has even suggested that there might be an alternative, meaningful
> interpretation of your statements) that you believe that your work can
> be extended to the full 64 rounds and that by doing so a preimage can
> be found, quoting your own words, "in negligible time".
> 
> Hence my challenge: given this particular hash, let's have a matching
> preimage.
> 
> Calling a cited paper describing an attack extending into the 40s of
> rounds "impractical" in what looks like an attempt at defense of your
> own apparently intermediate-state selection 8-round (or is it
> 17-round?) attack does not reflect well on what you are doing.
> 
> Unless and until you actually clearly and unambiguously state what
> claim you are making using established terminology in a proper manner,
> in a form that is testable and falsifiable, I think this is going to
> be my final contribution to this particular discussion.
> 
> --
> Michael Kjörling 🔗 https://michael.kjorling.se
> “Remember when, on the Internet, nobody cared that you were a dog?”
> 
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> https://www.metzdowd.com/mailman/listinfo/cryptography



Hi,

It's evident, based on your (previous) answers, that the inner workings of SHA-256 are unclear to you.

Instead of trying to find discrepancies in my writings by pulling things out of context - hopefully only because you lack knowledge - you'd better redirect your time actually trying to understand the details.

If you are unable to validate the 17-round preimages, that's OK, then it's not for you. 

It has been validated a couple of times by now anyway. 

Maybe one last hint: you're almost there, just add (mod 2^32) the IV to the desired round state and voila you have a reduced round hash.

McDair

