Practical Free-Start Collision Attacks on 76-step SHA-1

Abstract : In this paper we analyze the security of the compression function of SHA-1 against collision attacks, or equivalently free-start collisions on the hash function. While a lot of work has been dedicated to the analysis of SHA-1 in the past decade, this is the first time that free-start collisions have been considered for this function. We exploit the additional freedom provided by this model by using a new start-from-the-middle approach in combination with improvements on the cryptanalysis tools that have been developed for SHA-1 in the recent years. This results in particular in better differential paths than the ones used for hash function collisions so far. Overall, our attack requires about $2^{50}$ evaluations of the compression function in order to compute a one-block free-start collision for a 76-step reduced version, which is so far the highest number of steps reached for a collision on the SHA-1 compression function. We have developed an efficient GPU framework for the highly branching code typical of a cryptanalytic collision attack and used it in an optimized implementation of our attack on recent GTX-970 GPUs. We report that a single cheap US$350 GTX-970 is sufficient to find the collision in less than 5 days. This showcases how recent mainstream GPUs seem to be a good platform for expensive and even highly-branching cryptanalysis computations. Finally, our work should be taken as a reminder that cryptanalysis on SHA-1 continues to improve. This is yet another proof that the industry should quickly move away from using this function.
Type de document :
Communication dans un congrès
Rosario Gennaro; Matthew Robshaw. 35th International Cryptology Conference - CRYPTO 2015, Aug 2015, Santa Barbara, United States. Springer, pp.623-642, Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference. 〈https://www.iacr.org/conferences/crypto2015/〉. 〈10.1007/978-3-662-47989-6_30〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01183066
Contributeur : Pierre Karpman <>
Soumis le : jeudi 6 août 2015 - 10:38:53
Dernière modification le : jeudi 10 mai 2018 - 02:06:51

Lien texte intégral

Identifiants

Citation

Pierre Karpman, Thomas Peyrin, Marc Stevens. Practical Free-Start Collision Attacks on 76-step SHA-1. Rosario Gennaro; Matthew Robshaw. 35th International Cryptology Conference - CRYPTO 2015, Aug 2015, Santa Barbara, United States. Springer, pp.623-642, Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference. 〈https://www.iacr.org/conferences/crypto2015/〉. 〈10.1007/978-3-662-47989-6_30〉. 〈hal-01183066〉

Partager

Métriques

Consultations de la notice

290