Distinguishers for the Compression Function and Output Transformation of Hamsi-256

Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA-3. Until now, little analysis has been published on its resistance to differential cryptanalysis, the main technique used to attack hash functions. We present a study of Hamsi's resistance to differential and higher-order differential cryptanalysis, with a focus on the 256-bit version of Hamsi. Our main results are efficient distinguishers and near-collisions for its full (3-round) compression function, and distinguishers for its full (6-round) finalization function, indicating that Hamsi's building blocks do not behave ideally.
