Cryptanalysis of FORK-256
نویسندگان
چکیده
In this paper we present a cryptanalysis of a new 256-bit hash function, FORK-256, proposed by Hong et al. at FSE 2006. This cryptanalysis is based on some unexpected differentials existing for the step transformation. We show their possible uses in different attack scenarios by giving a 1-bit (resp. 2-bit) near collision attack against the full compression function of FORK-256 running with complexity of 2 (resp. 2) and with negligible memory, and by exhibiting a 22-bit near pseudo-collision. We also show that we can find collisions for the full compression function with a small amount of memory with complexity not exceeding 2 hash evaluations. We further show how to reduce this complexity to 2 hash computations by using 2 memory words. Finally, we show that this attack can be extended with no additional cost to find collisions for the full hash function, i.e. with the predefined IV.
منابع مشابه
Cryptanalysis of Reduced Variants of the FORK-256 Hash Function
FORK-256 is a hash function presented at FSE 2006.Whereas SHA-like designs process messages in one stream, FORK-256 uses four parallel streams for hashing. In this article, we present the first cryptanalytic results on this design strategy. First, we study a linearized variant of FORK-256, and show several unusual properties of this linearized variant. We also explain why the linearized model c...
متن کاملA Meet-in-the-Middle Collision Attack Against the New FORK-256
We show that a 2 collision attack exists against the FORK-256 Hash Function. The attack is surprisingly simple compared to existing published FORK-256 cryptanalysis work, yet is the best known result against the new, tweaked version of the hash. The attack is based on “splitting” the message schedule and compression function into two halves in a meet-in-the-middle attack. This in turn reduces t...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملNew FORK-256
The hash function FORK-256 was published at the first NIST hash workshop and FSE 2006. It consists of simple operations so that its performance is better than that of SHA-256. However, recent papers show some weaknesses of FORK-256. In this paper, we propose newly modified FORK-256 which has no microcoliisions and so is resistant against existing attacks. Furthermore, it is faster than the old ...
متن کاملCollisions for two branches of FORK-256
This note presents analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different simplified variants of FORK-256. Finally, as a concrete application of those observations we present a method of finding chosen IV collisions fo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007