A New Dedicated 256-Bit Hash Function: FORK-256

Hong, Deukjo; Chang, Donghoon; Sung, Jaechul; Lee, Sang-Jin; Hong, Seokhie; Lee, Jaesang; Moon, Dukjae; Chee, Sungtaek

doi:10.1007/11799313_13

Cited by 28 publications

(18 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In parallel, new hash functions have been published very recently, such as FORK-256 [15] (broken in [21]), RADIO-GATÙN [4] or GRINDAHL [20]. We show here that for the GRINDAHL hash function one can find a collision (resp.…”

Section: Introductionmentioning

confidence: 82%

Cryptanalysis of Grindahl

Peyrin

2007

Advances in Cryptology – ASIACRYPT 2007

View full text Add to dashboard Cite

Abstract. Due to recent breakthroughs in hash functions cryptanalysis, some new hash schemes have been proposed. GRINDAHL is a novel hash function, designed by Knudsen, Rechberger and Thomsen and published at FSE 2007. It has the particularity that it follows the RIJNDAEL design strategy, with an efficiency comparable to SHA-256. This paper provides the first cryptanalytic work on this new scheme. We show that the 256-bit version of GRINDAHL is not collision resistant. With a work effort of approximatively 2 112 hash computations, one can generate a collision.

show abstract

Section: Introductionmentioning

confidence: 82%

Cryptanalysis of Grindahl

Peyrin

2007

Advances in Cryptology – ASIACRYPT 2007

View full text Add to dashboard Cite

show abstract

“…Preimage resistance is more important than collision resistance because the security of many applications employing hash functions are based on preimage resistance, and breaking preimage resistance implies breaking collision resistance of the practical hash functions 1 , and, therefore, we should focus more attention on preimage resistance. Saarinen showed a preimage attack on new FORK-256 [4] in 2007 [9], and in 2008, Leurent showed that a preimage of MD4 can be computed to the complexity of 2 100.51 MD4 computations [5]. In these attack, the meet-in-the-middle technique helps to compute the preimage.…”

Section: Introductionmentioning

confidence: 99%

Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

Aoki

Sasaki

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attacks is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words. The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions. The attacks find preimages of SHA-0 and SHA-1 in 2 156.6 and 2 159.3 compression function computations up to 52 and 48 steps, respectively, compared to the brute-force attack, which requires 2 160 compression function computations. The previous best attacks find preimages up to 49 and 44 steps, respectively.

show abstract

“…Though the operators AND and OR are in no way mandatory, the use of the sole triplet (+, ⊕, ≫) can be risky, as suggested by the existence of high-probability differentials in the stream ciphers Phelix and Salsa20/8, the block cipher TEA, or in the hash function FORK-256 [40,7,39,17]. Finally, rotation provides fast diffusion within the words, with a choice of dataindependent distances-in order to avoid side-channel leakage, reduce the control of the attacker over the operations, and reduce complexity of the algorithm.…”

Section: Wordwise Operatorsmentioning

confidence: 99%

The Hash Function Family LAKE

Aumasson

Meier

Phan

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. This paper advocates a new hash function family based on the HAIFA framework, inheriting built-in randomized hashing and higher security guarantees than the Merkle-Damgård construction against generic attacks. The family has as its special design features: a nested feedforward mechanism and an internal wide-pipe construction within the compression function. As examples, we give two proposed instances that compute 256-and 512-bit digests, with a 8-and 10-round compression function respectively.

show abstract

A New Dedicated 256-Bit Hash Function: FORK-256

Cited by 28 publications

References 20 publications

Cryptanalysis of Grindahl

Cryptanalysis of Grindahl

Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

The Hash Function Family LAKE

Contact Info

Product

Resources

About