针对减宽SHA-1算法的模差分攻击分析

Analysis of SHA-1 with Reducing Width for Modular Differential Attack

作者：胡云山(解放军信息工程大学; 数学工程与先进计算国家重点实验室)；申意(解放军信息工程大学)；曾光(解放军信息工程大学)；韩文报(解放军信息工程大学; 数学工程与先进计算国家重点实验室)

Author：HU Yun-Shan(The PLA Information Engineering University; State Key Laboratory of Mathematical Engineering and Advanced Computing)；SHEN Yi(The PLA Information Engineering University)；ZENG Guang(The PLA Information Engineering University)；HAN Wen-Bao(The PLA Information Engineering University; State Key Laboratory of Mathematical Engineering and Advanced Computing)

收稿日期：2015-07-08 年卷（期）页码：2016,53(5):1041-1048

期刊名称：四川大学学报: 自然科学版

Journal Name：Journal of Sichuan University (Natural Science Edition)

关键字：密码学; Hash函数; SHA-1; 模差分攻击; 扰动向量;

Key words：cryptology; Hash function; SHA-1; modular differential attack; disturbance vector;

基金项目：国家重点实验室

中文摘要

模差分攻击技术是SHA-1随机碰撞攻击中重要分析方法之一.针对减宽的SHA-1算法,该文得出了减宽的部分碰撞定理并给出了减宽SHA-1算法单一部分碰撞的概率,证明了模差分攻击技术同样适用于减宽的SHA-1算法.通过理论分析和计算机搜索,该文证明了对于宽为比特的SHA-1算法,当且仅当n>3时,最优扰动向量的汉明重为25;当且仅当n>8 时,最优扰动向量只有type-I与type-II两个等价类.

英文摘要

Modular differential attack is one of the important methods in SHA-1 collision attacks. In allusion to width-reduced SHA-1 algorithm, the width-reduced local collisions theorems are deduced in this paper, and the probability of local collisions in width-reduced SHA-1 algorithm is proposed. Thus, modular differential attack is proved to be appropriate for width-reduced SHA-1 algorithm. By means of theoretical analysis and computer search, it is proved that for n-bit SHA-1 algorithm, the hamming weight of the optimum disturbance vector is 25 if and only if n>3; and when and only when n>8, the optimum disturbance vector has no other equivalence class than type- I and type-II.

【关闭】

论文摘要

针对减宽SHA-1算法的模差分攻击分析

Analysis of SHA-1 with Reducing Width for Modular Differential Attack