[148479] in cryptography@c2.net mail archive
[Cryptography] Preimage Attacks on 41-Step SHA-256 and 46-Step
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Mon Dec 16 21:25:54 2013
X-Original-To: cryptography@metzdowd.com
From: Robert Hettinga <hettinga@gmail.com>
Date: Mon, 16 Dec 2013 22:12:43 -0400
To: Cryptography List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
http://www.scholr.ly/paper/2078146/preimage-attacks-on-41-step-sha-256-and-=
46-step-sha-512
Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512
Abstract
Abstract. In this paper, we propose preimage attacks on 41-step SHA-256 and=
46-step SHA-512, which drastically increase the number of attacked steps c=
ompared to the best previous preimage attack working for only 24 steps. The=
time complexity for 41-step SHA-256 is 2 253.5 compression function operat=
ions and the memory requirement is 2 16 =D7 10 words. The time complexity f=
or 46-step SHA-512 is 2 511.5 compression function operations and the memor=
y requirement is 2 3 =D7 10 words. Our attack is a meet-in-the-middle attac=
k. We first consider the application of previous meet-in-the-middle attack =
techniques to SHA-2. We then analyze the message expansion of SHA-2 by cons=
idering all previous techniques to find a new independent message-word part=
ition. We first explain the attack on 40-step SHA-256 whose complexity is 2=
249 to describe the ideas. We then explain how to extend the attack. 1
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
