Diffusion Analysis of Message Expansion in STITCH-256

Cryptographic hash functions are built from individual components, namely pre-processing, step transformation, and final processing. Some hash functions, such as SHA-256 and STITCH-256, employ non-linear message expansion in their pre-processing stage. However, STITCH-256 was claimed to produce high diffusion in its message expansion. In a cryptographic algorithm, high diffusion is desirable because it helps prevent an attacker from finding collision-producing differences, which would allow one to find collisions of the whole function without resorting to a brute-force search. In this paper, we analyze the diffusion property of the message expansion of STITCH-256 by observing the effect of a single-bit difference on the output bits, and compare the result with that of SHA-256. We repeated the same procedure in 3 experiments with different rounds. The results of the experiments showed that the minimal weight in the message expansion of STITCH-256 is very much lower than that in the message expansion of SHA-256, i.e. the message expansion of STITCH-256 produces high diffusion. Significantly, we showed that the probability of constructing a differential characteristic in the message expansion of STITCH-256 is reduced.
