CryptoDB
On Collisions of Hash Functions Turbo SHA-2
| Authors: | |
|---|---|
| Download: | |
| Abstract: | In this paper we don't examine security of Turbo SHA-2 completely; we only show new collision attacks on it, with smaller complexity than it was considered by Turbo SHA-2 authors. In [1] they consider Turbo SHA-224/256-r and Turbo SHA-384/512-r with variable number of rounds r from 1 to 8. The authors of [1] show collision attack on Turbo SHA-256-1 with one round which has the complexity of 2^64. For other r from 2 to 8 they don't find better attack than with the complexity of 2^128. Similarly, for Turbo SHA-512 they find only collision attack on Turbo SHA-512-1 with one round which has the complexity of 2^128. For r from 2 to 8 they don't find better attack than with the complexity of 2^256. In this paper we show collision attack on SHA-256-r for r = 1, 2,..., 8 with the complexity of 2^{16*r}. We also show collision attack on Turbo SHA-512-r for r = 1, 2,..., 8 with the complexity of 2^{32*r}. It follows that the only one remaining candidate from the hash family Turbo SHA is Turbo SHA-256 (and Turbo SHA-512) with 8 rounds. The original security reserve of 6 round has been lost. |
BibTeX
@misc{eprint-2008-17680,
title={On Collisions of Hash Functions Turbo SHA-2},
booktitle={IACR Eprint archive},
keywords={secret-key cryptography / Turbo SHA-2, collision attack},
url={http://eprint.iacr.org/2008/003},
note={ v.klima@volny.cz 13879 received 1 Jan 2008},
author={Vlastimil Klima},
year=2008
}