An Improved Algebraic Attack on Hamsi-256
نویسندگان
چکیده
Hamsi is one of the 14 second-stage candidates in NIST’s SHA-3 competition. The only previous attack on this hash function was a very marginal attack on its 256-bit version published by Thomas Fuhr at Asiacrypt 2010, which is better than generic attacks only for very short messages of fewer than 100 32-bit blocks, and is only 26 times faster than a straightforward exhaustive search attack. In this paper we describe a different algebraic attack which is less marginal: It is better than the best known generic attack for all practical message sizes (up to 4 gigabytes), and it outperforms exhaustive search by a factor of at least 512. The attack is based on the observation that in order to discard a possible second preimage, it suffices to show that one of its hashed output bits is wrong. Since the output bits of the compression function of Hamsi-256 can be described by low degree polynomials, it is actually faster to compute a small number of output bits by a fast polynomial evaluation technique rather than via the official algorithm.
منابع مشابه
New Pseudo-Near-Collision Attack on Reduced-Round of Hamsi-256
Hamsi-256 is designed by Özgül Kücük and it has been a candidate Hash function for the second round of SHA-3. The compression function of Hamsi-256 maps a 256-bit chaining value and a 32-bit message to a new 256-bit chaining value. As hashing a message, Hamsi-256 operates 3-round except for the last message it operates 6-round. In this paper, we will give the pseudo-near-collision for 5-round H...
متن کاملCollision Attack on the Hamsi-256 Compression Function
Hamsi-256 is a cryptographic hash functions submitted by Küçük to the NIST SHA-3 competition in 2008. It was selected by NIST as one of the 14 round 2 candidates in 2009. Even though Hamsi-256 did not make it to the final round in 2010 it is still an interesting target for cryptanalysts. Since Hamsi-256 has been proposed, it received a great deal of cryptanalysis. Besides the second-preimage at...
متن کاملMessage Recovery and Pseudo-preimage Attacks on the Compression Function of Hamsi-256
Hamsi is one of the second round candidates of the SHA-3 competition. In this study, we present non-random differential properties for the compression function of the hash function Hamsi-256. Based on these properties, we first demonstrate a distinguishing attack that requires a few evaluations of the compression function and extend the distinguisher to 5 rounds with complexity 2. Then, we pres...
متن کاملFinding Second Preimages of Short Messages for Hamsi-256
In this paper we study the second preimage resistance of Hamsi-256, a second round SHA-3 candidate. We show that it is possible to find affine equations between some input bits and some output bits on the 3-round compression function. This property enables an attacker to find pseudo preimages for the Hamsi-256 compression function. The pseudo preimage algorithm can be used to find second preima...
متن کاملNear Collisions for the Compress Function of Hamsi-256 Found by Genetic Algorithm
Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA3 and Hamsi-256 is one of four kinds of Hamsi. In this paper we present a genetic algorithm to search near collisions for the compress function of Hamsi-256 , give a near collision on (256 − 20) bits and a near collision on (256 − 21) bits with four differences in the chaining value, and obtain a ...
متن کامل