[Resource Topic] 2006/098: Gröbner Basis Based Cryptanalysis of SHA-1

Welcome to the resource topic for 2006/098

Gröbner Basis Based Cryptanalysis of SHA-1

Authors: Makoto Sugita, Mitsuru Kawazoe, Hideki Imai


Recently, Wang proposed a new method to cryptanalyze SHA-1
and found collisions of 58-round SHA-1.
However many details of Wang’s attack are still unpublished,

  1. How to find differential paths?
  2. How to modify messages properly?
    For the first issue, some results have already been reported. In our article, we clarify the second issue and give a sophisticated method based on Gröbner basis techniques. We propose two algorithm based on the basic and an improved message modification techniques respectively. The complexity of our algorithm to find a collision for 58-round SHA-1 based on the basic message modification is 2^{29} message modifications and its implementation is equivalent to 2^{31} SHA-1 computation experimentally, whereas Wang’s method needs 2^{34} SHA-1 computation. We propose an improved message modification and apply it to construct a more sophisticated algorithm to find a collision. The complexity to find a collision for 58-round SHA-1 based on this improved message modification technique is 2^8 message modifications, but our latest implementation is very slow, equivalent to 2^{31} SHA-1 computation experimentally. However we conjecture that our algorithm can be improved by techniques of error correcting code and Gröbner basis. By using our methods, we have found many collisions for
    58-round SHA-1.

ePrint: https://eprint.iacr.org/2006/098

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .