Finding Near-Optimum Message Scheduling Settings for SHA-256 Variants Using Genetic Algorithms

One-way hash functions play an important role in modern cryptography. Matusiewicz et al. proved that the message schedule is essential for the security of SHA-256 by showing that collisions can be found with a complexity of 2^64 hash operations for a variant without it. In this article, we first propose the conjecture that the message schedule of a SHA algorithm has a higher security complexity (or fitness value, in genetic-algorithm terms) if each message word (W_t) involves more message blocks (M_i) in each round. We found some evidence that supports the conjecture. Consider the security of SHA-0 and SHA-1: Chabaud and Joux showed that SHA-1 is more secure than SHA-0, and Wang later found collisions in full SHA-0 and full SHA-1 with complexities below 2^39 and 2^69 hash operations, respectively. This is consistent with the number of message blocks (terms) involved in each message word: more terms are involved in SHA-1 than in SHA-0; taking W_27 as an example, 14 versus 6. Based on the conjecture, we propose a new view of the complexity of SHA-256-XOR, a variant of SHA-256, by counting the terms involved in each equation of the message schedule instead of analyzing the probability of finding collisions in the SHA-256-XOR hash function. Our experiments show that the parameter set in each equation of the message schedule is crucial to the security fitness. We apply genetic algorithms to find near-optimal message schedule parameter sets that increase the complexity 4 times for SHA-1 and 1.5 times for SHA-256-XOR, respectively, compared with the original SHA-1 and SHA-256-XOR functions. The analysis should interest designers of modular-addition-free hash functions, which suit hardware implementations with a lower gate count, and the message schedule parameter sets found are a useful reference for further improvement of the SHA functions.
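As an added illustration of the term-counting view described above (example code, not from the paper), the following Python expands the SHA-0 and SHA-1 message schedules symbolically and counts, for each W_t, the message-block terms that survive XOR cancellation. The tap set (3, 8, 14, 16) is the standard SHA-0/SHA-1 schedule; the `fitness` scoring is an assumed stand-in for the paper's fitness function.

```python
"""Count the message-block terms feeding each expanded word W_t of a
rotate/XOR message schedule: SHA-0 (no rotation) and SHA-1 (ROTL by 1).
XOR and rotation are linear, so W_t is a XOR-sum of rotated copies
ROTL^r(M_i); a term is the pair (i, r), and two equal terms cancel."""

from typing import FrozenSet, List, Tuple

Term = Tuple[int, int]  # (message block index i, left-rotation amount r)

def schedule_terms(taps: Tuple[int, ...], rot: int, rounds: int = 80,
                   blocks: int = 16, word_bits: int = 32) -> List[FrozenSet[Term]]:
    """Symbolically expand W_t = ROTL^rot(XOR over k in taps of W_{t-k}).

    taps is the message-schedule parameter set, (3, 8, 14, 16) for SHA-0/SHA-1.
    Returns, for every t in 0..rounds-1, the set of surviving (i, r) terms.
    """
    words: List[FrozenSet[Term]] = [frozenset({(i, 0)}) for i in range(blocks)]
    for t in range(blocks, rounds):
        acc: set = set()
        for k in taps:
            acc ^= words[t - k]          # symmetric difference: equal terms cancel
        words.append(frozenset((i, (r + rot) % word_bits) for i, r in acc))
    return words

def term_counts(taps: Tuple[int, ...], rot: int, rounds: int = 80) -> List[int]:
    """Number of terms in each W_t; the paper's W_27 example gives 6 / 14."""
    return [len(s) for s in schedule_terms(taps, rot, rounds)]

def fitness(taps: Tuple[int, ...], rot: int, rounds: int = 80) -> int:
    """Assumed scoring in the spirit of the conjecture: total terms over the
    expanded words W_16..W_{rounds-1} (the paper's exact fitness may differ)."""
    return sum(term_counts(taps, rot, rounds)[16:])

if __name__ == "__main__":
    sha0 = term_counts((3, 8, 14, 16), rot=0)
    sha1 = term_counts((3, 8, 14, 16), rot=1)
    print("W27 terms: SHA-0 =", sha0[27], ", SHA-1 =", sha1[27])   # 6, 14
    print("fitness: SHA-0 =", fitness((3, 8, 14, 16), 0),
          ", SHA-1 =", fitness((3, 8, 14, 16), 1))
```

Changing `taps` lets you score any candidate parameter set of the same shape, which is the search space the paper explores with a genetic algorithm.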

[1] Xiaoyun Wang et al. Efficient Collision Search Attacks on SHA-0. CRYPTO, 2005.

[2] Vincent Rijmen et al. Analysis of Step-Reduced SHA-256. FSE, 2006.

[3] Palash Sarkar et al. PARSHA-256: A New Parallelizable Hash Function and a Multithreaded Implementation. FSE, 2003.

[4] Jian Guo et al. Preimages for Step-Reduced SHA-2. IACR Cryptology ePrint Archive, 2009.

[5] Alex Biryukov et al. Analysis of a SHA-256 Variant. Selected Areas in Cryptography, 2005.

[6] Bart Preneel et al. Collisions and other Non-Random Properties for Step-Reduced SHA-256. IACR Cryptology ePrint Archive, 2009.

[7] Evgeny A. Grechnikov. Collisions for 72-step and 73-step SHA-1: Improvements in the Method of Characteristics. IACR Cryptology ePrint Archive, 2010.

[8] John H. Holland et al. Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence. 1992.

[9] Helena Handschuh et al. Security Analysis of SHA-256 and Sisters. Selected Areas in Cryptography, 2003.

[10] Xiaoyun Wang et al. Finding Collisions in the Full SHA-1. CRYPTO, 2005.

[11] Douglas R. Stinson et al. Cryptography: Theory and Practice. 1995.

[12] Yi-Shiung Yeh et al. Analyze SHA-1 in message schedule. 2007.

[13] Vincent Rijmen et al. Analysis of simplified variants of SHA-256. WEWoRC, 2005.

[14] Antoine Joux et al. Differential Collisions in SHA-0. CRYPTO, 1998.

[15] Alex Biryukov et al. Collisions for Step-Reduced SHA-256. FSE, 2008.

[16] Vincent Rijmen et al. Update on SHA-1. CT-RSA, 2005.

[17] 염흥렬 et al. [Book review] "Applied Cryptography". 1997.

[18] Quynh H. Dang et al. Secure Hash Standard. NIST, 2015.

[19] Jongsung Kim et al. Related-Key Rectangle Attack on 42-Round SHACAL-2. ISC, 2006.

[20] Florian Mendel et al. Finding SHA-2 Characteristics: Searching through a Minefield of Contradictions. ASIACRYPT, 2011.

[21] Palash Sarkar et al. New Collision Attacks against Up to 24-Step SHA-2. INDOCRYPT, 2008.

[22] Alex Biryukov et al. Data Encryption Standard (DES). Encyclopedia of Cryptography and Security, 2005.

[23] Alex Biryukov et al. Second-Order Differential Collisions for Reduced SHA-256. ASIACRYPT, 2011.