{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T09:38:37Z","timestamp":1766050717780,"version":"build-2065373602"},"reference-count":21,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T00:00:00Z","timestamp":1725753600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"IO Global"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>The measure of diffusion, the property of dissipating patterns and statistical structures in cryptographic transformations, serves as a valuable heuristic for assessing the obscurity of patterns that could lead to collisions. As with many cryptographic hash functions, SHA-256 is thought to exhibit the property of diffusion. While SHA-256\u2019s diffuse output is loosely documented, even less is known about how the diffusion rate changes across the 64 rounds in its compression function and how the algorithm\u2019s individual sub-functions contribute to the overall diffusion. The diffusion of the unmodified compression function is initially measured using the Strict Avalanche Criterion (SAC), with the aim of understanding the alteration in diffusion across the 64 rounds of compression. The level to which sub-functions affect diffusion is subsequently measured, enabling potential prioritization of these sub-functions in future collision attacks. To accomplish this, the compression function is modified by removing sub-functions, and the diffusion of these new variants is measured. While the SAC measurements of each function eventually plateau close to the 50% target, no function, including the unmodified compression function, strictly meets the SAC, and multiple variant functions diffuse at comparatively slower rates.<\/jats:p>","DOI":"10.3390\/cryptography8030040","type":"journal-article","created":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T04:15:01Z","timestamp":1725855301000},"page":"40","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Strict Avalanche Criterion of SHA-256 and Sub-Function-Removed Variants"],"prefix":"10.3390","volume":"8","author":[{"given":"Riley","family":"Vaughn","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, University of Wyoming, Laramie, WY 82071, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9409-8245","authenticated-orcid":false,"given":"Mike","family":"Borowczak","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Central Florida, Orlando, FL 32816, USA"}]}],"member":"1968","published-online":{"date-parts":[[2024,9,8]]},"reference":[{"key":"ref_1","unstructured":"(2002). FIPS pub 180-2 Secure Hash Standard (Standard No. NIST:180-2)."},{"key":"ref_2","unstructured":"(2015). FIPS pub 180-4 Secure Hash Standard (Standard No. NIST:180-4)."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3, RFC Editor.","DOI":"10.17487\/RFC8446"},{"key":"ref_4","unstructured":"Nakamoto, S. (2024, September 07). Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https:\/\/bitcoin.org\/bitcoin.pdf."},{"key":"ref_5","unstructured":"Handschuh, H., and Gilbert, H. (2009, January 27\u201328). The Evaluation Report of SHA-256 Crypt Analysis Hash Function. Proceedings of the 2009 International Conference on Communication Software and Networks, Chengdu, China."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"656","DOI":"10.1002\/j.1538-7305.1949.tb00928.x","article-title":"Communication theory of secrecy systems","volume":"28","author":"Shannon","year":"1949","journal-title":"Bell Syst. Tech. J."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1038\/scientificamerican0573-15","article-title":"Cryptography and Computer Privacy","volume":"228","author":"Feistel","year":"1973","journal-title":"Sci. Am."},{"key":"ref_8","first-page":"523","article-title":"On the design of S-Boxes","volume":"218","author":"Webster","year":"1985","journal-title":"LNCS"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.matcom.2004.09.001","article-title":"The strict avalanche criterion randomness test","volume":"68","author":"Castro","year":"2005","journal-title":"Math. Comput. Simul."},{"key":"ref_10","first-page":"175","article-title":"Security Analysis of SHA-256 and Sisters*","volume":"3006","author":"Gilbert","year":"2004","journal-title":"LNCS"},{"key":"ref_11","first-page":"112472","article-title":"Investigating the Avalanche Effect of Various Cryptographically Secure Hash Functions and Hash-Based Applications","volume":"10","author":"Upadhyay","year":"2022","journal-title":"EEE Access"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Yoshida, H., and Biryukov, A. (2005). Analysis of a SHA-256 Variant. Selected Areas in Cryptography. SAC 2005. Lecture Notes in Computer Science, Springer.","DOI":"10.1007\/11693383_17"},{"key":"ref_13","first-page":"91","article-title":"New Collision attacks Against Up To 24-step SHA-2","volume":"5365","author":"Sanadhya","year":"2008","journal-title":"LNSC"},{"key":"ref_14","unstructured":"Lamberger, M., and Mendel, F. (2024, September 07). Higher-Order Differential Attack on Reduced SHA-256. Available online: https:\/\/eprint.iacr.org\/2011\/037."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Li, Y., Liu, F., and Wang, G. (2024). New Records in Collision Attacks on SHA-2. Cryptol. ePrint Arch., Paper 2024\/349. Available online: https:\/\/eprint.iacr.org\/2024\/349.","DOI":"10.1007\/978-3-031-58716-0_6"},{"key":"ref_16","unstructured":"Damgard, I.B. (1989). A Design Principle for Hash Functions. Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings, Springer."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"2469","DOI":"10.1007\/s10623-018-0458-5","article-title":"Nonlinear Diffusion Layers","volume":"86","author":"Liu","year":"2018","journal-title":"Des. Codes Cryptogr."},{"key":"ref_18","unstructured":"(2024, September 07). Random GO Standard Library. Available online: https:\/\/pkg.go.dev\/math\/rand."},{"key":"ref_19","unstructured":"(2024, September 07). SHA-256 GO Standard Library. Available online: https:\/\/pkg.go.dev\/crypto\/sha256."},{"key":"ref_20","unstructured":"Vaughn, R. (2024, September 07). Available online: https:\/\/github.com\/RileyVaughn\/Sha256-SAC."},{"key":"ref_21","unstructured":"National Institute of Standards and Technology (2024, September 07). The Secure Hash Algorithm Validation System (SHAVS), Available online: https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Cryptographic-Algorithm-Validation-Program\/documents\/shs\/SHAVS.pdf."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/3\/40\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:51:39Z","timestamp":1760111499000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/3\/40"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,8]]},"references-count":21,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2024,9]]}},"alternative-id":["cryptography8030040"],"URL":"https:\/\/doi.org\/10.3390\/cryptography8030040","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2024,9,8]]}}}