Distinguishers for the compression function and output transformation of hamsi-256

Authors:
Jean-Philippe Aumasson;Emilia Käsper;Lars Ramkilde Knudsen;Krystian Matusiewicz;Rune Ødegård;Thomas Peyrin;Martin Schläffer
Affiliations:
Nagravision SA, Cheseaux, Switzerland;Katholieke Universiteit Leuven, ESAT-COSIC, Belgium;Department of Mathematics, Technical University of Denmark;Institute of Mathematics and Computer Science, Wroclaw University of Technology;Centre for Quantifiable Quality of Service in Communication Systems, Norwegian University of Science and Technology;Ingenico, France;IAIK, TU Graz, Austria
Venue:
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Year:
2010

Citing 11
Cited 4

A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Serpent: A New Block Cipher Proposal

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
The Boomerang Attack

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
A Distinguisher for the Compression Function of SIMD-512

INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
A new paradigm for collision-free hashing: incrementality at reduced cost

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Distinguishers for the compression function and output transformation of hamsi-256

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Distinguishers for the compression function and output transformation of hamsi-256

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Zero-sum distinguishers for iterated permutations and application to KECCAK-f and Hamsi-256

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
An improved algebraic attack on Hamsi-256

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Improved integral analysis on tweaked lesamnta

ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA-3. Until now, little analysis has been published on its resistance to differential cryptanalysis, the main technique used to attack hash functions. We present a study of Hamsi's resistance to differential and higher-order differential cryptanalysis, with focus on the 256-bit version of Hamsi. Our main results are efficient distinguishers and near-collisions for its full (3-round) compression function, and distinguishers for its full (6-round) finalization function, indicating that Hamsi's building blocks do not behave ideally.