Somitra Kumar Sanadhya

New local collisions for the SHA-2 hash family

The starting point for collision attacks on practical hash functions is a local collision. In this paper, we make a systematic study of local collisions for the SHA-2 family. The possible linear approximations of the constituent Boolean functions are considered and certain impossible conditions for such approximations are identified. Based on appropriate approximations, we describe a general method for finding local collisions. Applying this method, we obtain several local collisions and compute the probabilities of the various differential paths. Previously, only one local collision due to Gilbert-Handschuh was known. We point out two impossible conditions in the GH local collision and provide an example of an impossible differential path for linearized SHA-2 using this local collision. Sixteen new local collisions are obtained none of which have any impossible conditions. The probabilities of these local collisions are a little less than the GH local collision. On the other hand, the absence of impossible conditions may make them more suitable for (reduced round) collision search attacks on the SHA-2 family.

Attacking reduced round SHA-256

The SHA-256 hash function has started getting attention recently by the cryptanalysis community due to the various weaknesses found in its predecessors such as MD4, MD5, SHA-0 and SHA-1. We make two contributions in this work. First we describe message modification techniques and use them to obtain an algorithm to generate message pairs which collide for the actual SHA-256 reduced to 18 steps. Our second contribution is to present differential paths for 19, 20, 21, 22 and 23 steps of SHA-256. We construct parity check equations in a novel way to find these characteristics. Further, the 19-step differential path presented here is constructed by using only 15 local collisions, as against the previously known 19-step near collision differential path which consists of interleaving of 23 local collisions. Our 19-step differential path can also be seen as a single local collision at the message word level. We use a linearized local collision in this work. These results do not cause any threat to the security of the SHA-256 hash function.

On Identifying Marker Genes from Gene Expression Data in a Neural Framework through Online Feature Analysis

Many attempts have been made to analyze gene expression data. Typical goals of such analysis include discovery of subclasses, designing predictors/classifiers for diseases, identifying marker genes, and trying to get a deeper understanding of underlying biological process. Success of each of these tasks strongly depends on the features used to solve the problem. The high dimensional nature of expression profiles makes the task very difficult. Consequently, many researchers have used some feature selection criteria to reduce the dimensionality of the problem. These approaches are off‐line in nature, as feature selection is done in a separate phase from the system design phase. These approaches ignore the fact that utility of features depends on both the problem that is solved and the tool that is used to solve the problem. We here propose to use a novel neural scheme that picks up the necessary features on‐line when the system learns the classification task. Because it considers all the features at one go, it does not miss any subtle combination of these features. We demonstrate the effectiveness of our on‐line feature selection (OFS) scheme to distinguish between acute myeloid leukemia (AML) and acute lymphoblastic leukemia (ALL) cancer expression data set. Our scheme could identify only five genes that can produce results as good as or even better than what is reported in the literature on this data set. It identifies an important marker gene that alone has a very good discriminating power. This analysis method is quite general in nature and can be effectively used in other areas of bioinformatics.

A combinatorial analysis of recent attacks on step reduced SHA-2 family

We perform a combinatorial analysis of the SHA-2 compression function. This analysis explains in a unified way the recent attacks against reduced round SHA-2. We start with a general class of local collisions and show that the previously used local collision by Nikolić and Biryukov (NB) and Sanadhya and Sarkar (SS) are special cases. The study also clarifies several advantages of the SS local collision over the NB local collision. Deterministic constructions of up to 22-round SHA-2 collisions are described using the SS local collision and up to 21-round SHA-2 collisions are described using the NB local collision. For 23 and 24-round SHA-2, we describe a general strategy and then apply the SS local collision to this strategy. The resulting attacks are faster than those proposed by Indesteege et al using the NB local collision. We provide colliding message pairs for 22, 23 and 24-round SHA-2. Although these attacks improve upon the existing reduced round SHA-256 attacks, they do not threaten the security of the full SHA-2 family.1