New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis

Stevens, Marc

doi:10.1007/978-3-642-38348-9_15

Cited by 61 publications

(72 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given the fact that no actual collisions are known yet, it is somewhat difficult to decide which triples to include. For this we refer to our recent analysis [Ste13] that seems to use the most appropriate cost function, namely one that is exact, exhaustive and takes the dependence of local collisions fully into account. However, due to the complex nature of constructing a collision attack, this cost function is not perfect as it does not accurately predict the final attack complexity.…”

Section: Application To Sha-1mentioning

confidence: 99%

Counter-Cryptanalysis

Stevens

2013

Advances in Cryptology – CRYPTO 2013

Self Cite

View full text Add to dashboard Cite

Abstract. We introduce counter-cryptanalysis as a new paradigm for strengthening weak cryptographic primitives against cryptanalytic attacks. Redesigning a weak primitive to more strongly resist cryptanalytic techniques will unavoidably break backwards compatibility. Instead, counter-cryptanalysis exploits unavoidable anomalies introduced by cryptanalytic attacks to detect and block cryptanalytic attacks while maintaining full backwards compatibility. Counter-cryptanalysis in principle enables the continued secure use of weak cryptographic primitives.Furthermore, we present the first example of counter-cryptanalysis, namely the efficient detection whether any given single message has been constructed -together with an unknown sibling message -using a cryptanalytic collision attack on MD5 or SHA-1.An immediate application is in digital signature verification software to ensure that an (older) MD5 or SHA-1 based digital signature is not a forgery using a collision attack. This would certainly be desirable for two reasons. Firstly, it might still be possible to generate malicious forgeries using collision attacks as too many parties still sign using MD5 (or SHA-1) based signature schemes. Secondly, any such forgeries are currently accepted nearly everywhere due to the ubiquitous support of MD5 and SHA-1 based signature schemes. Despite the academic push to use more secure hash functions over the last decade, these two real-world arguments (arguably) will remain valid for many more years.Only due to counter-cryptanalysis were we able to discover that Flame, a highly advanced malware for cyberwarfare uncovered in May 2012, employed an as of yet unknown variant of our chosen-prefix collision attack on MD5 [SLdW07, SSA+ 09]. In this paper we disect the revealed cryptanalytic details and work towards the reconstruction of the algorithms underlying Flame's new variant attack. Finally, we make a preliminary comparision between Flame's attack and our chosen-prefix collision attack.

show abstract

Section: Application To Sha-1mentioning

confidence: 99%

Counter-Cryptanalysis

Stevens

2013

Advances in Cryptology – CRYPTO 2013

Self Cite

View full text Add to dashboard Cite

show abstract

“…In 2010 Marc Steven [8] presents an identical prefix collision attack on SHA-1 with complexities equivalent to approximately 2 61 (theoretical). SHA-512/224 and SHA-512/256 are also truncated version of SHA-512 but the initial values are generated using the method described in FIPS PUB 180-4 [3].…”

Section: Attacks On Sha-1mentioning

confidence: 99%

Design of New Hash Algorithm with Integration of Key based on the Review of Standard Hash Algorithms

Garg¹,

Wadhwa²

2014

IJCA

View full text Add to dashboard Cite

Cryptographic Hash Functions are main building block of message integrity. These functions have many information security applications such as Digital Signatures, Message Authentication, Data Integrity and Key derivation. This paper presents comparative study of standard hash algorithms (MD5, SHA-1 and SHA-2), their security aspects and recent attacks. In this paper, a new hash algorithm with integration of key is proposed. This key is a shared secret key 'KEY' of 192-bit. The proposed algorithm produces a hash code of 192 bits from an arbitrary length input and serves the requirement of both the message integrity as well as source authentication. This algorithm consists of very simple steps, therefore would have lesser overhead and complexity as compared to the standard hash algorithms.

show abstract

“…They introduce sufficient entropy so one can argue that the Markov chain assumption holds. However, exceptions from this rule with respect to differential analysis can be found in the case of ARX or ARX-like primitives -we refer the reader to [4,18,21,23,24] for such examples 1 .…”

Section: Introductionmentioning

confidence: 99%

Rotational Cryptanalysis of ARX Revisited

Khovratovich

Nikolić

Pieprzyk

et al. 2015

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. Rotational cryptanalysis is a probabilistic attack applicable to word oriented designs that use (almost) rotation-invariant constants. It is believed that the success probability of rotational cryptanalysis against ciphers and functions based on modular additions, rotations and XORs, can be computed only by counting the number of additions. We show that this simple formula is incorrect due to the invalid Markov cipher assumption used for computing the probability. More precisely, we show that chained modular additions used in ARX ciphers do not form a Markov chain with regards to rotational analysis, thus the rotational probability cannot be computed as a simple product of rotational probabilities of individual modular additions.We provide a precise value of the probability of such chains and give a new algorithm for computing the rotational probability of ARX ciphers. We use the algorithm to correct the rotational attacks on BLAKE2 and to provide valid rotational attacks against the simplified version of Skein.

show abstract

New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis

Cited by 61 publications

References 11 publications

Counter-Cryptanalysis

Counter-Cryptanalysis

Design of New Hash Algorithm with Integration of Key based on the Review of Standard Hash Algorithms

Rotational Cryptanalysis of ARX Revisited

Contact Info

Product

Resources

About