Abstract. The main contributions of this paper are two-fold.
Firstly, we present a novel direction in the cryptanalysis of the crypto-
graphic hash function SHA-1. Our work builds on previous cryptanalytic
e orts on SHA-1 based on combinations of local collisions. Due to depen-
dencies, previous approaches used heuristic corrections when combining
the success probabilities and message conditions of the individual local
collisions. Although this leads to success probabilities that are seemingly
su cient for feasible collision attacks, this approach most often does not
lead to the maximum success probability possible as desired. We introduce
novel techniques that enable us to determine the theoretical maximum
success probability for a given set of (dependent) local collisions, as well
as the smallest set of message conditions that attains this probability.
We apply our new techniques and present an implemented open-source
near-collision attack on SHA-1 with a complexity equivalent to 257:5
SHA-1 compressions.
Secondly, we present an identical-pre x collision attack and a chosen-pre x
collision attack on SHA-1 with complexities equivalent to approximately
261 and 277.1 SHA-1 compressions, respectively.
read more...........http://marc-stevens.nl/research/papers/EC13-S.pdf