On Corrective Patterns for the SHA-2 Family.

摘要: The Secure Hash Standard (SHS) [3] includes hashing algorithms denoted SHA-n, n ∈ 224, 256, 384, 512 for producing message digests of length n. These are based on a common design, sometimes known as SHA-2, that consists schedule and register. most successful attacks the SHA Chabaud-Joux differential collisions [1, 2, 4, 5, 7], which finding corrective pattern Previous analysis SHA-2 algoritms [4] indicated that, all algorithms, best has probability 2−66. We find complexity obtaining collision is 2 when register state unknown. Of this complexity, factor corresponds to conditions internal must be satisfied, 30 bits guessed correctly in order generate collision. When (as case generating hash) then reduced 2. simple determines limits was sufficient at time conclude resist attacks. In claimed compared against birthday attack bound However, can converted into second pre-image should greater than accounting per pattern, previous yields lower bounds complexities SHA224/256 SHA-224/256. significantly less bound. It no longer certain resists attack. More detailed required.