2009 | OriginalPaper | Chapter
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1
Authors : Kazumaro Aoki, Yu Sasaki
Published in: Advances in Cryptology - CRYPTO 2009
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attacks is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words. The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions. The attacks find preimages of SHA-0 and SHA-1 in 2
156.6
and 2
159.3
compression function computations up to 52 and 48 steps, respectively, compared to the brute-force attack, which requires 2
160
compression function computations. The previous best attacks find preimages up to 49 and 44 steps, respectively.