
Be the first to like this
Published on
The cryptographic hash function SHA256 is one member of the SHA2 hash family, which was proposed in 2000 and was standardized by NIST in 2002 as a successor of SHA1. Although the differential fault …
The cryptographic hash function SHA256 is one member of the SHA2 hash family, which was proposed in 2000 and was standardized by NIST in 2002 as a successor of SHA1. Although the differential fault attack on SHA1compression function has been proposed, it seems hard to be directly adapted to SHA256. In this paper, an efficient algebraic fault attack on SHA256 compression function is proposed under the wordoriented random fault model. During the attack, an automatic tool STP is exploited, which constructs binary expressions for the wordbased operations in SHA256 compression function and then invokes a SAT solver to solve the equations. The simulation of the new attack needs about 65 fault injections to recover the chaining value and the input message block with about 200 seconds on average. Moreover, based on the attack on SHA256 compression function, an almost universal forgery attack on HMACSHA256 is presented. Our algebraic fault analysis is generic, automatic and can be applied to other ARXbased primitives.
Be the first to like this
Be the first to comment