Attacking SHA

Monday is my turn to give a presentation at the security reading group, which meets Mondays at 3 pm in the CERIAS conference room (aka REC 217). My topic is attacks on the hash functions SHA-0 and SHA-1; I will be walking through some of the recent work looking for ways to find collisions.

Why that particular topic? I was curious how those attacks worked myself, and this seemed as good a way as any to force myself to read the relevant papers.

Since there’s almost always empty seats available at the reading group’s meetings, if you’re on campus and want to attend the presentation, you’re more than welcome to show up. I’ll post the presentation slides here afterwards.

The announcement sent out to the reading group’s mailing list follows.

You’ve probably heard about recent work breaking SHA-0 and making headway against SHA-1, but have you ever wondered how those attacks work? What does it take to attack their compression function? Why does a one-bit rotation make so much difference? And just how much work is needed to find a collision anyway?

My presentation on Monday will tackle as many of these questions as time permits. We’ll start with Chabaud & Joux’s attack on the SHA-0 compression function, which serves as the foundation for most other attacks. From there, we’ll look at more advanced techniques such as neutral bit manipulation and introduce some of the most recent work on attacking SHA-1.

I promise plenty of colorful diagrams.

Since this is a reading group, I would be remiss if I didn’t suggest at least one paper for you to read beforehand:

Chabaud & Joux, “Differential Collisions in SHA-0″ (CRYPTO ’98)

If you’re feeling really industrious, here’s three more:

Biham & Chen, “Near-Collisions of SHA-0″ (CRYPTO ’04)

Wang, Yu, & Yin, “Efficient Collision Search Attacks on SHA-0″ (CRYPTO ’05)

Wang, Yin, & Yu, “Finding Collisions in the Full SHA-1″ (CRYPTO ’05)

4 Responses

  1. Wow! I wish my college had a security reading group! As dorky as it sounds, I’m kind of jealous. I did get to see Fred Cohen speak at my college last week, (the first person to write a computer virus). That was pretty cool…..

  2. I’ll see you a Cohen last week and raise you a Ron Rivest next month.

  3. If I didn’t already have something planned, I just might have driven up to hear it. I’ll look forward to the slides. I found this discussion very interesting on the MD5 side of things. I wonder how much the attacks have in common.

  4. Presentation slides are here.

Comments are closed.