A Matching Lower Bound on the Minimum Weight of SHA-1 Expansion Code
Authors
Abstract
Recently, Wang, Yin, and Yu ([WYY05b]) have used a low weight codeword in the SHA-1 message expansion to show a better than brute force method to find collisions in SHA-1. The smallest minimum weight codeword they report has a (bit) weight of 25 in the last 60 of the 80 expanded words. In this paper we show, using a computer assisted method, that this is indeed the smallest weight codeword. In particular, we show that the minimum weight over F2 of any non-zero codeword in the SHA-1 (linear) message expansion code, projected on the last 60 words, is at least 25.
Similar resources
A Simple and Provably Good Code for SHA Message Expansion
We develop a new computer assisted technique for lower bounding the minimum distance of linear codes similar to those used in SHA-1 message expansion. Using this technique, we prove that a modified SHA-1 like code has minimum distance at least 82, and that too in just the last 64 of the 80 expanded words. Further the minimum weight in the last 60 words (last 48 words) is at least 75 (52 respect...
On the Pixel Expansion of Hypergraph Access Structures in Visual Cryptography Schemes
In a visual cryptography scheme, a secret image is encoded into n shares, in the form of transparencies. The shares are then distributed to n participants. Qualified subsets of participants can recover the secret image by superimposing their transparencies, but non-qualified subsets of participants have no information about the secret image. Pixel expansion, which represents the number of subpi...
Is SHA-1 conceptually sound?
We argue that if the message expansion code of SHA-1 is replaced by a linear code with a better minimum distance, then the resulting hash function is collision resistant. To support this argument, we characterize the disturbance vectors which are used to build local collision attacks as a linear code. This linear code is the xor-sum of two codes, the message expansion code and a linear code rep...
Minimum Pseudo-Weight and Minimum Pseudo-Codewords of LDPC Codes (arXiv:cs/0606051v1 [cs.IT], 12 Jun 2006)
In this correspondence, we study the minimum pseudo-weight and minimum pseudo-codewords of low-density parity-check (LDPC) codes under linear programming (LP) decoding. First, we show that the lower bound of Kelly, Sridhara, Xu and Rosenthal on the pseudo-weight of a pseudo-codeword of an LDPC code with girth greater than 4 is tight if and only if this pseudo-codeword is a real multiple of a co...
Maximal Independent Sets for the Pixel Expansion of Graph Access Structure
Abstract : A visual cryptography scheme based on a given graph G is a method to distribute a secret image among the vertices of G, the participants, so that a subset of participants can recover the secret image if they contain an edge of G, by stacking their shares, otherwise they can obtain no information regarding the secret image. In this paper a maximal independent sets of the graph G was ...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2005, Issue
Pages -
Publication date 2005