Cryptology ePrint Archive: Report 2006/317

Weaknesses of the FORK-256 compression function

Krystian Matusiewicz and Scott Contini and Josef Pieprzyk

Abstract: This report presents analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different variants of FORK-256. As a simple application of those observations we present a method of finding chosen IV collisions for a variant of FORK-256 reduced to two branches : either 1 and 2 or 3 and 4. Moreover, we present how those differentials can be used in the full FORK-256 to easily find messages with hashes differing by only a relatively small number of bits. We argue that this method allows for finding collisions in the full function with complexity not exceeding $2^{126.6}$ hash evaluations, better than birthday attack and additionally requiring only a small amount of memory.

Category / Keywords: secret-key cryptography / hash functions, cryptanalysis, FORK-256

Date: received 14 Sep 2006, last revised 29 Nov 2006

Contact author: kmatus at ics mq edu au

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Included new results on the full function.

Version: 20061129:074724 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]