Practical Collisions for SHAMATA-256
Authors
Abstract
In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function design with components of the AES, and it is one of the fastest submitted hash functions. In our attack, we show weaknesses in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed by the message expansion and non-linear part of the state update function. This allows us to find a differential path with a complexity of about 2 for SHAMATA-256 and about 2 for SHAMATA-512, using a linear low-weight codeword search. Using an efficient guess-and-determine technique we can significantly improve the complexity of this differential path for SHAMATA-256. With a complexity of about 2 we are even able to construct practical collisions for the full hash function SHAMATA-256.
Similar resources
Practical Near-Collisions for Reduced Round Blake, Fugue, Hamsi and JH
A hash function is near-collision resistant, if it is hard to find two messages with hash values that differ in only a small number of bits. In this study, we use hill climbing methods to evaluate the near-collision resistance of some of the round SHA-3 candidates. We practically obtained (i) 184/256-bit near-collision for the 2-round compression function of Blake-32; (ii) 192/256-bit near-col...
Analysis of SHA-512/224 and SHA-512/256
In 2012, NIST standardized SHA-512/224 and SHA-512/256, two truncated variants of SHA-512, in FIPS 180-4. These two hash functions are faster than SHA-224 and SHA-256 on 64-bit platforms, while maintaining the same hash size and claimed security level. So far, no third-party analysis of SHA-512/224 or SHA-512/256 has been published. In this work, we examine the collision resistance of step-redu...
Improved Cryptanalysis of SHAMATA-BC
We state the design flaws of the 1-round block cipher SHAMATA-BC, designed by Fleishmann and Gorski by using the building blocks of SHAMATA hash function. We fix the flaws and then show that the amended version of SHAMATA-BC is much weaker. We believe that there is no connection between security level of SHAMATA as a hash function and that of SHAMATA-BC as a block cipher.
Near Collisions for the Compress Function of Hamsi-256 Found by Genetic Algorithm
Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA3 and Hamsi-256 is one of four kinds of Hamsi. In this paper we present a genetic algorithm to search near collisions for the compress function of Hamsi-256, give a near collision on (256 − 20) bits and a near collision on (256 − 21) bits with four differences in the chaining value, and obtain a ...
Improving Local Collisions: New Attacks on Reduced SHA-256
In this paper, we focus on the construction of semi-free-start collisions for SHA-256, and show how to turn them into collisions. We present a collision attack on 28 steps of the hash function with practical complexity. Using a two-block approach we are able to turn a semi-free-start collision into a collision for 31 steps with a complexity of at most 2. The main improvement of our work is to ex...