Round-Reduced Collisions of BLAKE-32

In this paper, we investigate the security of SHA-3 candidate BLAKE. We analyse the propagation of differences that are rotation-invariant in the internal function G. We show that by using them, it is possible to obtain near-collisions for the compression function reduced to 4 rounds out of 10. We also discuss the security of some variants of BLAKE.