Cryptology ePrint Archive: Report 2010/304

Cryptanalysis of the Compression Function of SIMD

Hongbo Yu and Xiaoyun Wang

Abstract: SIMD is one of the second round candidates of the SHA-3 competition hosted by NIST. In this paper, we present some results on the compression function of SIMD 1.1 (the tweaked version) using the modular difference method. For SIMD-256, We give a free-start near collision attack on the compression function reduced to 20 steps with complexity $2^{-107}$. And for SIMD-512, we give a free-start near collision attack on the 24-step compression function with complexity $2^{208}$. Furthermore, we give a distinguisher attack on the full compression function of SIMD-512 with complexity $2^{398}$. Our attacks are also applicable for the final compression function of SIMD.

Category / Keywords: secret-key cryptography /

Date: received 20 May 2010

Contact author: yuhongbo at mail tsinghua edu cn

Available format(s): PDF | BibTeX Citation

Version: 20100525:210751 (All versions of this report)

Short URL: ia.cr/2010/304

Discussion forum: Show discussion | Start new discussion