Collisions of SHA-0 and Reduced SHA-1

In this paper we describe improvements to the techniques used to cryptanalyze SHA-0 and introduce the first results on SHA-1. The results include a generic multi-block technique that uses near-collisions in order to find collisions, and a four-block collision of SHA-0 found using this technique with complexity 251. Then, extension of this and prior techniques are presented, that allow us to find collisions of reduced versions of SHA-1. We give collisions of variants with up to 40 rounds, and show the complexities of longer variants. These techniques show that collisions up to about 53–58 rounds can still be found faster than by birthday attacks.

[1]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[2]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[3]  Eli Biham,et al.  Near-Collisions of SHA-0 , 2004, CRYPTO.

[4]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[5]  Vincent Rijmen,et al.  Update on SHA-1 , 2005, CT-RSA.

[6]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[7]  Antoine Joux,et al.  Differential Collisions in SHA-0 , 1998, CRYPTO.