SHA-1 and the Strict Avalanche Criterion
This work addresses the security analysis of SHA-1 for cryptographic applications, but it is incremental as it applies an existing methodology to a specific hash function.
The paper tackled the problem of evaluating whether the SHA-1 hash function meets the Strict Avalanche Criterion (SAC), a key property for cryptographic security, and found that SHA-1 closely tracks the SAC after the first 24 rounds with statistical significance (P < 0.01).
The Strict Avalanche Criterion (SAC) is a measure of both confusion and diffusion, which are key properties of a cryptographic hash function. This work provides a working definition of the SAC, describes an experimental methodology that can be used to statistically evaluate whether a cryptographic hash meets the SAC, and uses this to investigate the degree to which compression function of the SHA-1 hash meets the SAC. The results ($P < 0.01$) are heartening: SHA-1 closely tracks the SAC after the first 24 rounds, and demonstrates excellent properties of confusion and diffusion throughout.