History of Hash Function Attacks

Zooko Wilcox | Feb 24, 2017

The SHA-1 hash function, which has long been considered insecure, is now officially broken as of yesterday. Given the renewed interest in hash function collisions, I'd like to point out an article I wrote about attacks on secure hash functions, in the hopes that you will find it useful and interesting.

You can can read the full article at https://z.cash/technology/history-of-hash-function-attacks.html.

The main result of this investigation is that a cryptosystem invulnerable to collision attacks is much safer than one that is vulnerable to collision attacks (regardless of whether it is vulnerable to pre-image attacks). Another interesting takeaway is that it looks like sometime between 1996 (Tiger) and 2000 (Whirlpool), humanity might have learned how to make collision-resistant hash functions, since none of the prominent secure hash functions designed since that era have succumbed to collision attacks. Maybe modern hash functions like SHA-256, SHA-3, and BLAKE2 will never be broken.

As a graphical reference for the article, I've included a color-coded chronological view of collision attacks, and of second pre-image attacks, as well as a survey of the best known attacks on secure hash functions.

chronological view of collision attacks

Thanks to Andreas Hülsing, Samuel Neves, and Zcash engineer Daira Hopwood for their input on this investigation.

cryptography, hash functions, BLAKE2 | Afficher tous les mots-clés

Notice: Network Upgrade Overwinter will activate at block 347500, to be mined 2018-06-25 12:00 UTC-04:00 assuming 150 seconds/block