In this work, we introduce a new non-random property for hash/compression functions using the theory of higher order differentials. Based on this, we show a second-order differential collision for the compression function of SHA-256 reduced to 47 out of 64 steps with practical complexity. We have implemented the attack and provide an example. Our results suggest that the security margin of SHA-256 is much lower than the security margin of most of the SHA-3 finalists in this setting. The techniques employed in this attack are based on a rectangle/boomerang approach and cover advanced search algorithms for good characteristics and message modification techniques. Our analysis also exposes flaws in all of the previously published related-key rectangle attacks on the SHACAL-2 block cipher, which is based on SHA-256. We provide valid rectangles for 48 steps of SHACAL-2. © 2011 International Association for Cryptologic Research.
CITATION STYLE
Biryukov, A., Lamberger, M., Mendel, F., & Nikolić, I. (2011). Second-order differential collisions forrReduced SHA-256. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7073 LNCS, pp. 270–287). https://doi.org/10.1007/978-3-642-25385-0_15
Mendeley helps you to discover research relevant for your work.