Viewed as the “Swiss Army knife” of cryptography, hash functions form the backbone of security applications in industries such as telecommunications, banking and access control. They are also used in everyday devices such as personal computers, mobile phones and smart cards.
The main security goal of a hash function is to prevent anyone from generating two inputs mapping to the same output—a so-called “collision”. Despite a new method developed in 2005 that showed it is possible to generate collisions at much shorter time scales, until recently the less-secure cryptographic hash function standard SHA-1 (Secure Hash Algorithm 1) remained the industry norm.
In 2016, researchers from NTU and the Netherlands, led by Assoc Prof Thomas Peyrin from NTU’s School of Physical and Mathematical Sciences, managed to generate and detect the first free-start collision for SHA-1 (a slightly easier version of a normal collision), prompting companies such as Google, Mozilla and Microsoft to announce that they would reject SHA1- based certificates earlier than planned and move to more secure alternatives such as SHA-2.
This move proved to be timely as shortly after the announcement, based on the advances by the NTU-Netherlands collaboration, a Google-led research team was able to compute a full collision.