Quantum Collision Attacks on Reduced SHA-256 and SHA-512

In this paper, we study dedicated quantum collision attacks on SHA-256 and SHA-512 for the first time. The attacks reach 38 and 39 steps, respectively, which significantly improve the classical attacks for 31 and 27 steps. Both attacks adopt the framework of the previous work that converts many semi...

Full description

Saved in:
Bibliographic Details
Published inAdvances in Cryptology – CRYPTO 2021 pp. 616 - 646
Main Authors Hosoyamada, Akinori, Sasaki, Yu
Format Book Chapter
LanguageEnglish
Published Cham Springer International Publishing 2021
SeriesLecture Notes in Computer Science
Subjects
Collision attack
Conversion from semi-free-start collisions
Hash function
Quantum attack
SHA-256
SHA-512
Symmetric key cryptography
Online AccessGet full text

Cover

More Information
Summary:In this paper, we study dedicated quantum collision attacks on SHA-256 and SHA-512 for the first time. The attacks reach 38 and 39 steps, respectively, which significantly improve the classical attacks for 31 and 27 steps. Both attacks adopt the framework of the previous work that converts many semi-free-start collisions into a 2-block collision, and are faster than the generic attack in the cost metric of time-space tradeoff. We observe that the number of required semi-free-start collisions can be reduced in the quantum setting, which allows us to convert the previous classical 38 and 39 step semi-free-start collisions into a collision. The idea behind our attacks is simple and will also be applicable to other cryptographic hash functions.
ISBN:303084241X
9783030842413
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-030-84242-0_22