Analysis of SHA-1 in Encryption Mode

This paper analyses the cryptographic hash function SHA- 1 in encryption mode. A detailed analysis is given of the resistance of SHA-1 against the most powerful known attacks today. It is concluded that none of these attacks can be applied successfully in practice to SHA-1. Breaking SHA-1 in encryption mode requires either an unrealistic amount of computation time and known/chosen texts, or a major breakthrough in cryptanalysis. The original motivation for this analysis is to investigate a block cipher named SHACAL based on these principles. SHACAL has been submitted to the NESSIE call for cryptographic primitives.

[1]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[2]  William Stallings Secure Hash Algorithm , 2011, Encyclopedia of Cryptography and Security.

[3]  Antoine Joux,et al.  Differential Collisions in SHA-0 , 1998, CRYPTO.

[4]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[5]  Hans Dobbertin Cryptanalysis of MD5 Compress , 1996 .

[6]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[7]  Hans Dobbertin,et al.  Cryptanalysis of MD4 , 1996, Journal of Cryptology.

[8]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[9]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[10]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[11]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.