**Pseudo-cryptanalysis of the Original Blue Midnight Wish**

*Søren S. Thomsen*

**Abstract: **The hash function Blue Midnight Wish (BMW) is a candidate in the SHA-3
competition organised by the U.S. National Institute of Standards and Technology (NIST). BMW was selected for the second round of the competition, but the algorithm was tweaked in a number of ways. In this paper we describe cryptanalysis on the original version of BMW, as submitted to the SHA-3 competition in October 2008. When we refer to BMW, we therefore mean the original version of the algorithm.

The attacks described are (near-)collision, preimage and second preimage attacks on the BMW compression function. These attacks can also be described as pseudo-attacks on the full hash function, i.e., as attacks in which the adversary is allowed to choose the initial value of the hash function. The complexities of the attacks are about 2^{14} for the near-collision attack, about 2^{3n/8+1} for the pseudo-collision attack, and about 2^{3n/4+1} for the pseudo-(second) preimage attack, where n is the output length of the hash function. Memory requirements are negligible. Moreover, the attacks are not (or only moderately) affected by the choice of security parameter for BMW.

**Category / Keywords: **secret-key cryptography / hash function cryptanalysis, SHA-3 competition, Blue Midnight Wish, pseudo-attacks

**Date: **received 28 Sep 2009

**Contact author: **s thomsen at mat dtu dk

**Available format(s): **PDF | BibTeX Citation

**Version: **20090929:053442 (All versions of this report)

**Short URL: **ia.cr/2009/478

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]