CryptoDB
Notes on the Wang et al. $2^{63}$ SHA-1 Differential Path
| Authors: | |
|---|---|
| Download: | |
| Abstract: | Although advances in SHA-1 cryptanalysis have been made since the 2005 announcement of a $2^{63}$ attack by Wang et al., the details of the attack have not yet been presented or verified. This note does just that. Working from Adi Shamir's 2005 CRYPTO rump session presentation of Wang et al.'s work, this note verifies and presents the differential path and associated conditions. Although the error analysis for the advanced condition correction technique is not verified, a method is presented which yields a two-block collision attack on SHA-1 requiring an estimated $2^{62}$ SHA-1 computations if the original error analysis by Wang et al. is correct. The differential path is presented for only the first block of the two-block attack, but the second block path likely differs from the first in only the first 10 steps and could be derived from the information presented here. |
BibTeX
@misc{eprint-2007-13754,
title={Notes on the Wang et al. $2^{63}$ SHA-1 Differential Path},
booktitle={IACR Eprint archive},
keywords={cryptographic protocols / Cryptographic Hash Functions, Cryptanalysis, SHA-1},
url={http://eprint.iacr.org/2007/474},
note={ Martin.Cochran@colorado.edu 13866 received 18 Dec 2007, last revised 19 Dec 2007},
author={Martin Cochran},
year=2007
}