New Collision Attacks on Round-Reduced SHA-512

Yingxin Li; Fukang Liu; Gaoli Wang; Haifeng Qian; Keting Jia; Xiangyu Kong

doi:10.1007/978-3-032-01901-1_7

New Collision Attacks on Round-Reduced SHA-512

Yingxin Li
, Fukang Liu
, Gaoli Wang^*
, Haifeng Qian
, Keting Jia
, Xiangyu Kong

^*此作品的通讯作者

软件工程学院

East China Normal University
Institute of Science Tokyo
Tsinghua University
Zhongguancun Laboratory

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 2^97.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W₉,W₁₀,W₁₄,W₁₇,W₁₉), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.’s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 2^97.3 to 2^85.5.

源语言	英语
主期刊名	Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings
编辑	Yael Tauman Kalai, Seny F. Kamara
出版商	Springer Science and Business Media Deutschland GmbH
页	200-229
页数	30
ISBN（印刷版）	9783032019004
DOI	https://doi.org/10.1007/978-3-032-01901-1_7
出版状态	已出版 - 2025
活动	45th Annual International Cryptology Conference, CRYPTO 2025 - Santa Barbara, 美国期限: 17 8月 2025 → 21 8月 2025

出版系列

姓名	Lecture Notes in Computer Science
卷	16004 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	45th Annual International Cryptology Conference, CRYPTO 2025
国家/地区	美国
市	Santa Barbara
时期	17/08/25 → 21/08/25

访问文件

10.1007/978-3-032-01901-1_7

其它文件与链接

链接到 Scopus 的出版物

引用此

Li, Y., Liu, F., Wang, G., Qian, H., Jia, K., & Kong, X. (2025). New Collision Attacks on Round-Reduced SHA-512. 在 Y. Tauman Kalai, & S. F. Kamara (编辑), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings (页码 200-229). (Lecture Notes in Computer Science; 卷 16004 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-01901-1_7

@inproceedings{93632794ce8a45e4aa6d8f0dce097311,

title = "New Collision Attacks on Round-Reduced SHA-512",

abstract = "The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 297.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W9,W10,W14,W17,W19), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.{\textquoteright}s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 297.3 to 285.5.",

keywords = "SAT/SMT, SHA-512, practical collision attack",

author = "Yingxin Li and Fukang Liu and Gaoli Wang and Haifeng Qian and Keting Jia and Xiangyu Kong",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 45th Annual International Cryptology Conference, CRYPTO 2025 ; Conference date: 17-08-2025 Through 21-08-2025",

year = "2025",

doi = "10.1007/978-3-032-01901-1\_7",

language = "英语",

isbn = "9783032019004",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "200--229",

editor = "\{Tauman Kalai\}, Yael and Kamara, \{Seny F.\}",

booktitle = "Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings",

address = "德国",

}

Li, Y, Liu, F, Wang, G , Qian, H, Jia, K & Kong, X 2025, New Collision Attacks on Round-Reduced SHA-512. 在 Y Tauman Kalai & SF Kamara (编辑), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science, 卷 16004 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 200-229, 45th Annual International Cryptology Conference, CRYPTO 2025, Santa Barbara, 美国, 17/08/25. https://doi.org/10.1007/978-3-032-01901-1_7

New Collision Attacks on Round-Reduced SHA-512. / Li, Yingxin; Liu, Fukang; Wang, Gaoli 等.
Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. 编辑 / Yael Tauman Kalai; Seny F. Kamara. Springer Science and Business Media Deutschland GmbH, 2025. 页码 200-229 (Lecture Notes in Computer Science; 卷 16004 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - New Collision Attacks on Round-Reduced SHA-512

AU - Li, Yingxin

AU - Liu, Fukang

AU - Wang, Gaoli

AU - Qian, Haifeng

AU - Jia, Keting

AU - Kong, Xiangyu

N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.

PY - 2025

Y1 - 2025

N2 - The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 297.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W9,W10,W14,W17,W19), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.’s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 297.3 to 285.5.

AB - The SHA-2 family primarily includes two versions, SHA-256 and SHA-512. Although a memory-efficient practical collision attack has been recently proposed for 31-step SHA-256 at ASIACRYPT 2024, the best practical collision attack on SHA-512 still only reaches 28 steps, and the best theoretic collision attack on 31-step SHA-512 has the time complexity of 297.3. This is mainly due to the large state of SHA-512 compared with SHA-256, despite their structural similarity. To enhance the collision attacks on SHA-512, we propose a new local collision by injecting difference at the message words (W9,W10,W14,W17,W19), allowing us to achieve the first practical collision attack on 29 steps of SHA-512. Moreover, to improve the collision attack on 31-step SHA-512, we improve Liu et al.’s method to model the signed difference transition through Boolean functions, by introducing a novel model to capture the 2-bit conditions, which frequently occur in SHA-512 characteristics. In this way, we can further improve the 31-step SHA-512 characteristic and reduce the time complexity of the collision attack on 31-step SHA-512 from 297.3 to 285.5.

KW - SAT/SMT

KW - SHA-512

KW - practical collision attack

UR - https://www.scopus.com/pages/publications/105014148728

U2 - 10.1007/978-3-032-01901-1_7

DO - 10.1007/978-3-032-01901-1_7

M3 - 会议稿件

AN - SCOPUS:105014148728

SN - 9783032019004

T3 - Lecture Notes in Computer Science

SP - 200

EP - 229

BT - Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings

A2 - Tauman Kalai, Yael

A2 - Kamara, Seny F.

PB - Springer Science and Business Media Deutschland GmbH

T2 - 45th Annual International Cryptology Conference, CRYPTO 2025

Y2 - 17 August 2025 through 21 August 2025

ER -

Li Y, Liu F, Wang G , Qian H, Jia K, Kong X. New Collision Attacks on Round-Reduced SHA-512. 在 Tauman Kalai Y, Kamara SF, 编辑, Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. 页码 200-229. (Lecture Notes in Computer Science). doi: 10.1007/978-3-032-01901-1_7

New Collision Attacks on Round-Reduced SHA-512

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此