Paper 2006/317

Weaknesses of the FORK-256 compression function

Krystian Matusiewicz, Scott Contini, and Josef Pieprzyk

Abstract

This report presents an analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different variants of FORK-256. As a simple application of those observations, we present a method of finding chosen-IV collisions for a variant of FORK-256 reduced to two branches: either 1 and 2 or 3 and 4. Moreover, we show how those differentials can be used in the full FORK-256 to easily find messages with hashes differing by only a relatively small number of bits. We argue that this method allows for finding collisions in the full function with complexity not exceeding hash evaluations, better than the birthday attack and additionally requiring only a small amount of memory.

Note: Included new results on the full function.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions, cryptanalysis, FORK-256
Contact author(s)
kmatus @ ics mq edu au
History
2006-11-29: last of 3 revisions
2006-09-18: received
Short URL
https://ia.cr/2006/317
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/317,
      author = {Krystian Matusiewicz and Scott Contini and Josef Pieprzyk},
      title = {Weaknesses of the {FORK}-256 compression function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/317},
      year = {2006},
      url = {https://eprint.iacr.org/2006/317}
}