CryptoDB
New Collision Attacks on Round-Reduced SHA-512
Authors: | Yingxin Li, Fukang Liu, Gaoli Wang, Haifeng Qian, Keting Jia, Xiangyu Kong |
---|---|
Conference: | CRYPTO 2025 |
Abstract: | Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of $2^{97.3}$. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words $(W_9, W_{10}, W_{14}, W_{17}, W_{19})$, allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.'s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from $2^{97.3}$ to $2^{85.5}$. |
BibTeX
@inproceedings{crypto-2025-35575, title={New Collision Attacks on Round-Reduced SHA-512}, publisher={Springer-Verlag}, author={Yingxin Li and Fukang Liu and Gaoli Wang and Haifeng Qian and Keting Jia and Xiangyu Kong}, year=2025 }