Second-Order Differential Collisions for Reduced SHA-256

Biryukov, Alex; Lamberger, Mario; Mendel, Florian; Nikoli, Ivica

doi:10.1007/978-3-642-25385-0_15

Cited by 45 publications

(57 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…About the boomerang attack on hash functions, we mainly review the known-related-key boomerang method given in [19]. We consider the compression function, denoted by CF , as CF (M, K) = E(M, K) + M and that it can be decomposed into two sub-functions as CF = CF 1 • CF 0 .…”

Section: The Boomerang Attackmentioning

confidence: 99%

“…We consider the compression function, denoted by CF , as CF (M, K) = E(M, K) + M and that it can be decomposed into two sub-functions as CF = CF 1 • CF 0 . In this way, we can start from the middle steps since M and the key K can be chosen randomly [19,23]. Then we have a backward (top) differential characteristic (β, β k ) → α with probability p for CF −1 0 , and a forward (bottom) differential characteristic (γ, γ k ) → δ with probability q for CF 1 .…”

Section: The Boomerang Attackmentioning

confidence: 99%

See 1 more Smart Citation

The Boomerang Attacks on BLAKE and BLAKE2

Hao

2015

Information Security and Cryptology

View full text Add to dashboard Cite

Abstract. In this paper, we study the security margins of hash functions BLAKE and BLAKE2 against the boomerang attack. We launch boomerang attacks on all four members of BLAKE and BLAKE2, and compare their complexities. We propose 8.5-round boomerang attacks on both BLAKE-512 and BLAKE2b with complexities 2 464 and 2 474 respectively. We also propose 8-round attacks on BLAKE-256 with complexity 2 198 and 7.5-round attacks on BLAKE2s with complexity 2 184 . We verify the correctness of our analysis by giving practical 6.5-round Type I boomerang quartets for each member of BLAKE and BLAKE2. According to our analysis, some tweaks introduced by BLAKE2 have increased its resistance against boomerang attacks to a certain extent. But on the whole, BLAKE still has higher a secure margin than BLAKE2.

show abstract

Section: The Boomerang Attackmentioning

confidence: 99%

Section: The Boomerang Attackmentioning

confidence: 99%

The Boomerang Attacks on BLAKE and BLAKE2

Hao

2015

Information Security and Cryptology

View full text Add to dashboard Cite

show abstract

“…In the known-key setting, a (related-key) boomerang attack can be used to distinguish a given permutation from a random oracle; it is called known-related-key boomerang attack in [5]. Applying the known-related-key boomerang attack to the compression function in the MMO mode, i.e, CF (K, M ) = E K (M ) + M , it is possible to start from the middle rounds because the message M and the key K can be selected randomly (refer to [5] and [14]).…”

Section: The Boomerang Attackmentioning

confidence: 99%

“…Applying the known-related-key boomerang attack to the compression function in the MMO mode, i.e, CF (K, M ) = E K (M ) + M , it is possible to start from the middle rounds because the message M and the key K can be selected randomly (refer to [5] and [14]). The (known-relatedkey) boomerang attack is particularly efficient for the ARX-type hash functions because their compression functions have strong diffusion after several steps, only short differential paths with high probabilities can be found.…”

Section: The Boomerang Attackmentioning

confidence: 99%

See 1 more Smart Citation

The Boomerang Attacks on the Round-Reduced Skein-512

Chen

Wang

2013

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. The hash function Skein is one of the five finalists of the NIST SHA-3 competition; it is based on the block cipher Threefish which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper studies the boomerang attacks on Skein-512. Boomerang distinguishers on the compression function reduced to 32 and 36 rounds are proposed, with complexities 2 104.5 and 2 454 respectively. Examples of the distinguishers on 28-round and 31-round are also given. In addition, the boomerang distinguishers are applicable to the key-recovery attacks on reduced Threefish-512. The complexities for key-recovery attacks reduced to 32-/33-/34-round are about 2 181 , 2 305 and 2 424 . Because Laurent et al. [14] pointed out that the previous boomerang distinguishers for Threefish-512 are in fact not compatible, our attacks are the first valid boomerang attacks for the final round Skein-512.

show abstract

Cryptanalysis of the LSH hash functions

Hao

2016

Security Comm. Networks

View full text Add to dashboard Cite

In this paper, we study the security of the LSH hash functions. We find that the wide‐pipe MD‐structural LSH hash functions apply the 17th PGV scheme which is “backward attackable”. This property equips us with trivial attacks including pseudo‐preimage, free‐start collision, and Type II boomerang. These attacks can never be available to previous MD‐structural hash functions like Skein. We stress that such trivial attacks can only be regarded as distinguishers rather than real threat to the LSH in nowadays' practical applications. But we should still be cautious about the possible malicious use of LSH in specific situations in the future. We also launch 14‐round boomerang attacks on LSH‐512 and LSH‐256 hash functions with complexities 2308 and 2242, respectively. We verify the correctness of our boomerang attacks by giving practical 11‐round boomerang quartets. To the best of our knowledge, these are the first practically verifiable boomerang results on the LSH hash functions. These boomerang results indicate that the round functions of LSH are well designed. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Second-Order Differential Collisions for Reduced SHA-256

Cited by 45 publications

References 35 publications

The Boomerang Attacks on BLAKE and BLAKE2

The Boomerang Attacks on BLAKE and BLAKE2

The Boomerang Attacks on the Round-Reduced Skein-512

Cryptanalysis of the LSH hash functions

Contact Info

Product

Resources

About