International Association for Cryptologic Research

Paper: Turbo SHA-2

Danilo Gligoroski
Svein Johan Knapskog
Abstract: In this paper we describe the construction of the Turbo SHA-2 family of cryptographic hash functions. They are built with design components from the SHA-2 family, but the new hash function has three times more chaining variables, it is more robust and resistant against generic multi-block collision attacks, its design is resistant against generic length extension attacks and it is 2-8 times faster than the original SHA-2. It uses two novel design principles in the design of hash functions: 1. Computations in the iterative part of the compression function start by using variables produced in the message expansion part that have the complexity level of a random Boolean function; 2. Variables produced in the message expansion part are not discarded after the processing of the current message block, but are used for the construction of the three times wider chain for the next message block. These two novel principles, combined with the already robust design principles present in SHA-2 (such as the nonlinear message expansion part), enabled us to build the compression function of Turbo SHA-2 that has just 16 new variables in the message expansion part (compared to 48 for SHA-256 and 64 for SHA-512) and just 8 rounds in the iterative part (compared to 64 for SHA-256 and 80 for SHA-512).
  title={Turbo SHA-2},
  booktitle={IACR Eprint archive},
  keywords={Cryptographic hash function, SHA-2, Turbo SHA-2},
  note={ 13812 received 19 Oct 2007, last revised 26 Oct 2007},
  author={Danilo Gligoroski and Svein Johan Knapskog},