SHA-256 Collision Attack with Programmatic SAT
Authors: Nahiyan Alamgir, Saeed Nejati, Curtis Bright
Journal: arXiv - CS - Symbolic Computation
Publication date: 2024-06-28
DOI: arxiv-2406.20072 (https://doi.org/arxiv-2406.20072)
Citation count: 0
Abstract
Cryptographic hash functions play a crucial role in ensuring data security,
generating fixed-length hashes from variable-length inputs. The hash function
SHA-256 is trusted for data security due to its resilience after over twenty
years of intense scrutiny. One of its critical properties is collision
resistance, meaning that it is infeasible to find two different inputs with the
same hash. Currently, the best SHA-256 collision attacks use differential
cryptanalysis to find collisions in simplified versions of SHA-256 that are
reduced to have fewer steps, making it feasible to find collisions.

In this paper, we use a satisfiability (SAT) solver as a tool to search for
step-reduced SHA-256 collisions, and dynamically guide the solver with the aid
of a computer algebra system (CAS) used to detect inconsistencies and deduce
information that the solver would otherwise not detect on its own. Our hybrid
SAT + CAS solver significantly outperformed a pure SAT approach, enabling us to
find collisions in step-reduced SHA-256 with significantly more steps. Using
SAT + CAS, we find a 38-step collision of SHA-256 with a modified
initialization vector -- something first found by a highly sophisticated search
tool of Mendel, Nad, and Schläffer. Conversely, a pure SAT approach could
find collisions for no more than 28 steps. However, our work only uses the SAT
solver CaDiCaL and its programmatic interface IPASIR-UP.