Katholieke Universiteit Leuven
In this paper, the authors analyze the hash functions dynamic SHA and dynamic SHA2, which have been selected as first round candidates in the NIST hash function competition. These hash functions rely heavily on data-dependent rotations, similar to certain block ciphers, e.g., RC5. Their analysis suggests that in the case of hash functions, where the attacker has more control over the rotations, this approach is less favorable than in block ciphers. They present practical, or close to practical, collision attacks on both dynamic SHA and dynamic SHA2.