The cryptographic hash function SHA-1 has been known to be weak since 2004
with the first theoretical collision attack.
Since then many techniques for SHA-1 collision attacks have been developed and
refined over the years leading to our recent practical collision attack.
In this tutorial I will present the techniques underlying our attack in detail
covering things such as local collisions, disturbance vectors,
differential trail construction, computing optimal differential characteristics,
and efficient depth first tree searches on GPUs.
This lecture will discuss the attack in details at a level intended for experts
in cryptanalysis. For a more general talk see the lecture in Cryptoday on