Paper 2020/014
SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
Gaëtan Leurent and Thomas Peyrin
Abstract
The SHA-1 hash function was designed in 1995 and has been widely used for two decades. A theoretical collision attack was first proposed in 2004 [WYY05], but due to its high complexity it was only implemented in practice in 2017, using a large GPU cluster [SBK+17]. More recently, an almost practical chosen-prefix collision attack against SHA-1 has been proposed [LP19]. This more powerful attack allows building colliding messages with two arbitrary prefixes, which is much more threatening for real protocols.
In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collision attacks against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of
Metadata
- Available format(s): PDF
- Category: Secret-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: SHA-1, Cryptanalysis, Chosen-prefix collision, HPC, GPU, PGP, GnuPG
- Contact author(s):
  - gaetan leurent @ inria fr
  - thomas peyrin @ ntu edu sg
- History:
  - 2020-07-26: last of 4 revisions
  - 2020-01-07: received
- Short URL: https://ia.cr/2020/014
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/014,
  author = {Gaëtan Leurent and Thomas Peyrin},
  title = {{SHA}-1 is a Shambles - First Chosen-Prefix Collision on {SHA}-1 and Application to the {PGP} Web of Trust},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/014},
  year = {2020},
  url = {https://eprint.iacr.org/2020/014}
}