The Statistics Analysis On The Security Of SHA Algorithms

This paper gives a detailed overview of the algorithm of SHA-0, SHA-1 and SHA-256. Based on the algorithm structure, the data generated from the intermediate encryption are processed, and are analyzed. Probability statistical tools were used to investigate each output sequence of 0-1 following advantages, 0-1 frequency and 0-1 run length. Hypothesis testing methods are also used to estimate the statistics, which can be used to test the randomness when compared with the expectation value of the random sequence. The results show that every random output has four turns which didn't pass the random testing in the output sequences of each iterative turn. SHA-0, SHA-1 and SHA-256 can all resist the first-order differential analysis, but they can not resist the second-order differential analysis and have some loopholes in it. We can find that the security on SHA-256 is much better than SHA-0 and SHA-1 in anti- second-order differential attack. In aspect of linear properties, the output data generated during iteration are researched by affine comparative analysis and linear conformance analysis using more random input. Simultaneously, the three algorithms have been tried to be simulated by affine function and linear shift register. In aspect of affine comparative analysis, the three algorithms all have good security. We also find that some output sequences of the iteration can coincide with the sequence generated by linear shift register. Over different random input, linear functions which have high conformity can be found in output data of some iterative turn. That means, the three encrypt algorithm all have strong linear properties which is related to their characteristics of encrypt structure.In this thesis, the plus of modulus 232 in the encryption system of SHA-1 is transformed to 2-valued vector function, the cryptographic properties of which are investigated. The results show that the transformed 2-valued vector function can resist the first-order correlation attack, and can not resist the second-order correlation attack. There is no diffusivity in the encryption system of SHA-1 when modulus 232 is used alone, because the diffusivity can be ensured by the plus of modulus232, shifting and other logic function. The changed logic function has linear structure and is degenerate, and the results are the same as that of linear conformance analysis, which demonstrates that there is shortage of the security of the output sequence in aspect of nonlinearity.