Colliding Message Pairs for 23 and 24-step SHA-512
Somitra Kumar Sanadhya, Palash Sarkar
TL;DR
This paper presents new collision attacks on 23 and 24-step SHA-512, providing the first colliding message pair for 24-step and significantly reducing attack complexities.
Contribution
It introduces the first colliding message pair for 24-step SHA-512 and improves attack complexities using a differential path from prior research.
Findings
First colliding message pair for 24-step SHA-512
Reduced attack complexities to $2^{16.5}$ and $2^{34.5}$ calls
Attacks based on differential path by Sanadhya and Sarkar
Abstract
Recently, Indesteege et al. [1] had described attacks against 23 and 24-step SHA-512 at SAC '08. Their attacks are based on the differential path by Nikolic and Biryukov [2]. The reported complexities are and calls to the respective step reduced SHA-512 hash function. They provided colliding message pairs for 23-step SHA-512 but did not provide a colliding message pair for 24-step SHA-512. In this note we provide a colliding message pair for 23-step SHA-512 and the first colliding message pair for 24-step SHA-512. Our attacks use the differential path first described by Sanadhya and Sarkar at ACISP '08 [3]. The complexities of our attacks are and calls to the respective step reduced SHA-512 hash function. Complete details of the attacks will be provided in an extended version of this note.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptographic Implementations and Security · Coding theory and cryptography