Cryptology ePrint Archive: Report 2010/091

Distinguishers for the Compression Function and Output Transformation of Hamsi-256

Jean-Philippe Aumasson and Emilia Käsper and Lars Ramkilde Knudsen and Krystian Matusiewicz and Rune Odegaard and Thomas Peyrin and Martin Schläffer

Abstract: Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA-3. Until now, little analysis has been published on its resistance to differential cryptanalysis, the main technique used to attack hash functions. We present a study of Hamsi's resistance to differential and higher-order differential cryptanalysis, with focus on the 256-bit version of Hamsi. Our main results are efficient distinguishers and near-collisions for its full (3-round) compression function, and distinguishers for its full (6-round) finalization function, indicating that Hamsi's building blocks do not behave ideally.

Category / Keywords: hash functions, differential cryptanalysis, SHA-3

Publication Info: To appear in proceedings of ACISP 2010

Date: received 19 Feb 2010, last revised 24 Apr 2010

Contact author: emilia kasper at esat kuleuven be

Available formats: PDF | BibTeX Citation

Version: 20100424:144812 (All versions of this report)

Discussion forum: Show discussion | Start new discussion