Is SHA-1 conceptually sound?
Authors
Abstract
We argue that if the message expansion code of SHA-1 is replaced by a linear code with a better minimum distance, then the resulting hash function is collision resistant. To support this argument, we characterize the disturbance vectors which are used to build local collision attacks as a linear code. This linear code is the xor-sum of two codes, the message expansion code and a linear code representing the underlying block cipher in SHA-1. We also show that the following constraint satisfaction problem is NP-hard. The constraints are restricted to being XOR constraints, or Majority constraints on at most three variables each. The instances are further restricted by requiring that the constraints can be listed in a sequence $C_1, C_2, \ldots, C_m$, such that for every constraint $C_i$, two of the variables in it occur only in constraints $C_j$, with $|j - i| < 48$. This problem is similar to the problem modeling the one-way function property of SHA-1.
Similar resources
Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2 for finding preimages, and 2 for second-preimages. Both have memory requirement of orde...
Relaxed Differential Fault Analysis of SHA-3
In this paper, we propose a new method of differential fault analysis of SHA-3 which is based on the differential relations of the algorithm. Employing those differential relations in the fault analysis of SHA-3 gives new features to the proposed attacks, e.g., the high probability of fault detection and the possibility of re-checking initial faults and the possibility to recover internal state...
Meet-continuity on $L$-directed Complete Posets
In this paper, the definition of meet-continuity on $L$-directed complete posets (for short, $L$-dcpos) is introduced. As a generalization of meet-continuity on crisp dcpos, meet-continuity on $L$-dcpos, based on the generalized Scott topology, is characterized. In particular, it is shown that every continuous $L$-dcpo is meet-continuous and $L$-continuous retracts of meet-continuous $L$-dcpos are al...
Conceptual priming for realistic auditory scenes and for auditory words.
Two experiments were conducted using both behavioral and Event-Related brain Potentials methods to examine conceptual priming effects for realistic auditory scenes and for auditory words. Prime and target sounds were presented in four stimulus combinations: Sound-Sound, Word-Sound, Sound-Word and Word-Word. Within each combination, targets were conceptually related to the prime, unrelated or am...
A Second Edition: Verification of a Cryptographic Primitive: SHA-256
The first edition of this paper appeared in TOPLAS 37(2) 7:1-7:31 (April 2015). It used notation compatible with the Verified Software Toolchain version 1.0, now obsolete. In this second edition there are no new scientific results, but the Verifiable C notation used corresponds to the VST 1.6 software currently in use, January 2016. Any differences between this version and the as-published TOPL...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2005, Issue
Pages -
Publication date 2005