New Collision Attacks on Round-Reduced SHA-512

Yingxin Li; Fukang Liu; Gaoli Wang; Haifeng Qian; Keting Jia; Xiangyu Kong

doi:10.1007/978-3-032-01901-1_7

New Collision Attacks on Round-Reduced SHA-512

Yingxin Li, Fukang Liu, Gaoli Wang, Haifeng Qian, Keting Jia, Xiangyu Kong

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 2^97.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W₉,W₁₀,W₁₄,W₁₇,W₁₉), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.’s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 2^97.3 to 2^85.5.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings
Editors	Yael Tauman Kalai, Seny F. Kamara
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	200-229
Number of pages	30
ISBN (Print)	9783032019004
DOIs	https://doi.org/10.1007/978-3-032-01901-1_7
State	Published - 2025
Event	45th Annual International Cryptology Conference, CRYPTO 2025 - Santa Barbara, United States Duration: 17 Aug 2025 → 21 Aug 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	16004 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	45th Annual International Cryptology Conference, CRYPTO 2025
Country/Territory	United States
City	Santa Barbara
Period	17/08/25 → 21/08/25

Keywords

SAT/SMT
SHA-512
practical collision attack

Access to Document

10.1007/978-3-032-01901-1_7

Cite this

Li, Y., Liu, F., Wang, G., Qian, H., Jia, K., & Kong, X. (2025). New Collision Attacks on Round-Reduced SHA-512. In Y. Tauman Kalai, & S. F. Kamara (Eds.), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings (pp. 200-229). (Lecture Notes in Computer Science; Vol. 16004 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-01901-1_7

@inproceedings{93632794ce8a45e4aa6d8f0dce097311,

title = "New Collision Attacks on Round-Reduced SHA-512",

abstract = "The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 297.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W9,W10,W14,W17,W19), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.{\textquoteright}s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 297.3 to 285.5.",

keywords = "SAT/SMT, SHA-512, practical collision attack",

author = "Yingxin Li and Fukang Liu and Gaoli Wang and Haifeng Qian and Keting Jia and Xiangyu Kong",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 45th Annual International Cryptology Conference, CRYPTO 2025 ; Conference date: 17-08-2025 Through 21-08-2025",

year = "2025",

doi = "10.1007/978-3-032-01901-1\_7",

language = "英语",

isbn = "9783032019004",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "200--229",

editor = "\{Tauman Kalai\}, Yael and Kamara, \{Seny F.\}",

booktitle = "Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings",

address = "德国",

}

Li, Y, Liu, F, Wang, G , Qian, H, Jia, K & Kong, X 2025, New Collision Attacks on Round-Reduced SHA-512. in Y Tauman Kalai & SF Kamara (eds), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science, vol. 16004 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 200-229, 45th Annual International Cryptology Conference, CRYPTO 2025, Santa Barbara, United States, 17/08/25. https://doi.org/10.1007/978-3-032-01901-1_7

New Collision Attacks on Round-Reduced SHA-512. / Li, Yingxin; Liu, Fukang; Wang, Gaoli et al.
Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. ed. / Yael Tauman Kalai; Seny F. Kamara. Springer Science and Business Media Deutschland GmbH, 2025. p. 200-229 (Lecture Notes in Computer Science; Vol. 16004 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - New Collision Attacks on Round-Reduced SHA-512

AU - Li, Yingxin

AU - Liu, Fukang

AU - Wang, Gaoli

AU - Qian, Haifeng

AU - Jia, Keting

AU - Kong, Xiangyu

N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.

PY - 2025

Y1 - 2025

N2 - The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 297.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W9,W10,W14,W17,W19), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.’s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 297.3 to 285.5.

AB - The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 297.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W9,W10,W14,W17,W19), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.’s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 297.3 to 285.5.

KW - SAT/SMT

KW - SHA-512

KW - practical collision attack

UR - https://www.scopus.com/pages/publications/105014148728

U2 - 10.1007/978-3-032-01901-1_7

DO - 10.1007/978-3-032-01901-1_7

M3 - 会议稿件

AN - SCOPUS:105014148728

SN - 9783032019004

T3 - Lecture Notes in Computer Science

SP - 200

EP - 229

BT - Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings

A2 - Tauman Kalai, Yael

A2 - Kamara, Seny F.

PB - Springer Science and Business Media Deutschland GmbH

T2 - 45th Annual International Cryptology Conference, CRYPTO 2025

Y2 - 17 August 2025 through 21 August 2025

ER -

Li Y, Liu F, Wang G , Qian H, Jia K, Kong X. New Collision Attacks on Round-Reduced SHA-512. In Tauman Kalai Y, Kamara SF, editors, Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 200-229. (Lecture Notes in Computer Science). doi: 10.1007/978-3-032-01901-1_7