Second order collision for the 42-step reduced DHA-256 hash function

At the Cryptographic Hash Workshop hosted by NIST in 2005, Lee et al. proposed the DHA-256 (Double Hash Algorithm-256) hash function. The design of DHA-256 builds upon the design of SHA-256, but introduces additional strengthening features such as optimizing the message expansion and step function against local collision attacks. Previously, DHA-256 was analyzed by J. Zhong and X. Lai, who presented a preimage attack on 35 steps of the compression function with complexity 2^{239.6}. In addition, the IAIK Krypto Group provided evidence that there exists a 9-step local collision for the DHA-256 compression function with probability higher than previously predicted. In this paper, we analyze DHA-256 in the context of higher order differential attacks. In particular, we provide a practical distinguisher for 42 out of 64 steps and give an example of a colliding quartet to validate our results.
