Cryptanalysis of dynamic SHA(2)

Jean Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, Bart Preneel

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


In this paper, we analyze the hash functions Dynamic SHA and Dynamic SHA2, which have been selected as first round candidates in the NIST hash function competition. These hash functions rely heavily on data-dependent rotations, similar to certain block ciphers, e.g., RC5. Our analysis suggests that in the case of hash functions, where the attacker has more control over the rotations, this approach is less favorable than in block ciphers. We present practical, or close to practical, collision attacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present a preimage attack on Dynamic SHA that is faster than exhaustive search.

Original languageEnglish
Title of host publicationSelected Areas in Cryptography - 16th Annual International Workshop, SAC 2009, Revised Selected Papers
Number of pages18
StatePublished - 2009
Externally publishedYes
Event16th Annual International Workshop on Selected Areas in Cryptography, SAC 2009 - Calgary, AB, Canada
Duration: 13 Aug 200914 Aug 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5867 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference16th Annual International Workshop on Selected Areas in Cryptography, SAC 2009
CityCalgary, AB


  • Collision attack
  • Dynamic SHA
  • Dynamic SHA2
  • Hash function
  • SHA-3 candidate

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Cryptanalysis of dynamic SHA(2)'. Together they form a unique fingerprint.

Cite this