English

应用科学学报

• 论文 •    下一篇

SHA-256压缩函数的结构安全性

李 超1 魏悦川1 孙 兵2   

  1. 1.国防科技大学数学与系统科学系,湖南 长沙410073;
    2.东南大学 移动通信国家重点实验室,江苏 南京210096
  • 收稿日期:2006-11-01 修回日期:2007-09-25 出版日期:2008-01-31 发布日期:2008-01-31

Structure Security of Compress Function of SHA-256

LI Chao1 WEI Yue-chuan1 SUN Bing2   

  1. 1. Department of Mathematics and System Science, National University of Defense Technology, Changsha 410073, China;
    2. State Key Laboratory of Mobile Communication, Southeast University, Nanjing 210096, China
  • Received:2006-11-01 Revised:2007-09-25 Online:2008-01-31 Published:2008-01-31

被引次数

10

摘要: 给出了SHA-256压缩函数的3个变种形式,分别分析了它们抵抗Chabaud-Joux攻击的能力,并与对SHA-256的攻击结果进行比较,其中SHA-2A部分碰撞的复杂度与SHA-256近似,SHA-2B不能以较小复杂度找到碰撞,但是结构上存在其他弱点。SHA-2C的安全强度远远低于SHA-256。作为实例,我们给出了安全性较为脆弱的SHA-256变种的部分碰撞。结果表明:SHA-256压缩函数的结构选择较大程度地影响其安全性。

关键词: Hash函数, 碰撞攻击, SHA-256, SHA-256变种, 压缩函数, 部分碰撞

Abstract: The paper presents three kinds of variant forms of compression functions of SHA-256, and analyzes security of three variants against the Chabaud-Joux attack compared with SHA-256. The complexity of finding a local collision in SHA-2A is similar to SHA-256,SHA-2B does not exist a low complexity collision, but exist other faults in it’s structure,while SHA-2C is far insecure than SHA-256. Furthermore, a local collision in the vulnerable variant is presented. It follows that the selection of the compression function’s structure highly affects the complexity of the attacks.

Key words: Hash function, collision attack, local collision
, SHA-256, SHA-256 variant, compress function