/WorldsFirstSha2Vulnerability

Sha256 vulnerability for full rounds. Circular hash attack.

Primary LanguagePythonMIT LicenseMIT

WorldsFirstSha2Vulnerability

Sha256 vulnerability for full rounds. A Circular hash attack(known as fixed point).

Proof

Run proof.py to check my work

Concepts

Free-start collision attack

A collision attack where hackers cannot control the input hash.

Circular hash attack

Finding input_hash and message_block which makes input_hash=output_hash. In certain cases, it can result infinite set of collisions by chaining arbitrary number of circular blocks. So, this attack makes one hash value permanently vulnerable to collisions. So, I decided not to publish another works.

Attack methods

I developed an entirely new type of cryptanalysis theory to achieve this. It has a similar form comparing to differential analysis. Individuals found ways to reproduce this vulnerbility using SAT software. It's an another approach, not done by my method.

Clarifications

I've been noticed by several individuals, thus 'circular hash attack' isn't the world's first type of attack. So, I fixed the description. Quiet sad :(

Some people told me it's easy to find fixed points for Davies-Meyer structure, so, it's easy to find circular hash of SHA256's. For it, I cannot clarify at some degrees. First, SHA256's not exactly a Davies-Meyer. Secondly, finding fixed points for such structures, claimed to be 'easy', has complexity above 2^(n/2), according to Wikipedia. It's still an infeasibly hard problem.