In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.

In this paper, we present new techniques for collision search in the hash function SHA-0. Using the new techniques, we can find collisions of the full 80-step SHA-0 with complexity less than 239 hash operations.

In this paper, we present another tree-structure signature scheme based on discrete logarithm problem modulo p, where p is a large prime. The basic signing algorithm is the original ELGmal signature scheme. The scheme attains ideal security, i. e, finding existential forgeries under adaptively chosen message attacks is equivalent to solving the discrete logarithm of any random integer y∈Z*p. The scheme is also efficient, it can be implemented almost as efficiently as the original ELGamal signature scheme. We can regard the scheme as an application of ELGamal signature scheme in tree-structure signature schemes.

In Eurocrypt'05, Wang et al. presented new techniques to find collisions of Hash function MD4. The techniques are not only efficient to search for collisions, but also applicable to explore the secondpreimage of MD4. About the second-preimage attack, they showed that a random message was a weak message with probability 2−122 and it only needed a one-time MD4 computation to find the second-preimage corresponding to the weak message. A weak message means that there exits a more efficient attack than the brute force attack to find its secondpreimage. In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages. For any random message, it is a weak message with probability 2−56, and it can be converted into a weak message by message modification techniques with about 227 MD4 computations. Furthermore, the original message is close to the resulting message (weak message), i. e, the Hamming weight of the difference for two messages is about 44.