Abstract

Hash functions are the Swiss army knife for cryptographers. Password protection, digital signatures (also in a potential post-quantum period) are applications where they surface outside the cryptographic community. Not only are almost all popular hash functions based on the same design principle, it also turned out that designers were not conservative enough. Spectacular practical attacks (e.g. on MD5 ) were the result in recent years, and standardization organisations look for replacements.

The ubiquitously used SHA -1 exhibits a higher resistance against shortcut collision search attacks. Still, to motivate the shift away from SHA -1, we found a new shortcut attack which is estimated to be around a million times faster than generic attacks. The workfactor is still very high and hence we started a distributed computing project to find the first SHA -1 collision: SHA-1 Collision Search Graz

Many applications of hash functions do not require collision resistance but rely on properties that are generally assumed to be much harder to violate (like resistance against inversion attacks). Nevertheless, some of our very recent results indicate that also here, we might see a development similar to collision attacks.