Conference paper
Preimages for Step-Reduced SHA-2
In this paper, we present preimage attacks on up to 43-step SHA-256 (around 67% of the total 64 steps) and 46-step SHA-512 (around 57.5% of the total 80 steps), which significantly increases the number of attacked steps compared to the best previously published preimage attack working for 24 steps. The time complexities are 2^251.9, 2^509 for finding pseudo-preimages and 2^254.9, 2^511.5 compression function operations for full preimages.
The memory requirements are modest, around 2^6 words for 43-step SHA-256 and 46-step SHA-512. The pseudo-preimage attack also applies to 43-step SHA-224 and SHA-384. Our attack is a meet-in-the-middle attack that uses a range of novel techniques to split the function into two independent parts that can be computed separately and then matched in a birthday-style phase.
Language: | English |
---|---|
Publisher: | Springer |
Year: | 2009 |
Pages: | 578-597 |
Proceedings: | 15th Annual International Conference on the Theory and Application of Cryptology and Information Security |
Series: | Lecture Notes in Computer Science |
ISBN: | 3642103650 , 3642103669 , 9783642103650 and 9783642103667 |
ISSN: | 03029743 |
Types: | Conference paper |
DOI: | 10.1007/978-3-642-10366-7_34 |