论文信息 - A Matching Lower Bound on the Minimum Weight of SHA-1 Expansion Code

A Matching Lower Bound on the Minimum Weight of SHA-1 Expansion Code

Recently, Wang, Yin, and Yu ([WYY05b]) have used a low weight codeword in the SHA-1 message expansion to show a better than brute force method to find collisions in SHA-1. The smallest minimum weight codeword they report has a (bit) weight of 25 in the last 60 of the 80 expanded words. In this paper we show, using a computer assisted method, that this is indeed the smallest weight codeword. In particular, we show that the minimum weight over F2 of any non-zero codeword in the SHA-1 (linear) message expansion code, projected on the last 60 words, is at least 25.

Charanjit S. Jutla | Anindya C. Patthak

[1] Antoine Joux,et al. Differential Collisions in SHA-0 , 1998, CRYPTO.

[2] Josef Pieprzyk,et al. Finding Good Differential Patterns for Attacks on SHA-1 , 2005, WCC.

[3] Vincent Rijmen,et al. Update on SHA-1 , 2005, CT-RSA.

[4] 尚弘島影. National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[5] Dengguo Feng,et al. Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..

[6] Xiaoyun Wang,et al. Efficient Collision Search Attacks on SHA-0 , 2005, CRYPTO.

[7] Xiaoyun Wang,et al. Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[8] Charanjit S. Jutla,et al. A Simple and Provably Good Code for SHA Message Expansion , 2005, IACR Cryptol. ePrint Arch..

[9] Eli Biham,et al. Near-Collisions of SHA-0 , 2004, CRYPTO.