Title: Bicliques preimage attack, is it a worry? Post by: David Rabahy on October 02, 2014, 03:20:00 PM http://eprint.iacr.org/2011/286.pdf
Title: Re: Bicliques preimage attack, is it a worry? Post by: gmaxwell on October 02, 2014, 05:30:14 PM No, more certification weaknesses (around 2^256 work) on reduced round versions.
Title: Re: Bicliques preimage attack, is it a worry? Post by: David Rabahy on October 03, 2014, 01:50:14 PM Ah, SHA-256 is 64 rounds, whereas the paper in question talks about of an attack at 45 rounds. I gather it is not just a matter of working harder the same way to get to 46 or more rounds but rather novel enhancements are required if it is even possible.
Title: Re: Bicliques preimage attack, is it a worry? Post by: David Rabahy on October 03, 2014, 01:54:15 PM One wonders if the Bitcoin reference implementation is built upon one of the SHS validated http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm SHA-256 implementations.
Title: Re: Bicliques preimage attack, is it a worry? Post by: David Rabahy on October 03, 2014, 01:57:43 PM The referenced paper is obviously a public attack, so to speak. One wonders what the state of the art is non-publicly. I suppose the paper might be as good as it gets at this point.
|