Cryptology ePrint Archive: Report 2010/569

Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function

Jérémy Jean and Pierre-Alain Fouque

Abstract: In this paper, we present new results on the second-round SHA-3 candidate ECHO. We describe a method to construct a collision in the compression function of ECHO-256 reduced to four rounds in 2^52 operations on AES-columns without significant memory requirements. Our attack uses the most recent analyses on ECHO, in particular the SuperSBox and SuperMixColumns layers to utilize efficiently the available freedom degrees. We also show why some of these results are flawed and we propose a solution to fix them. Our work improve the time and memory complexity of previous known techniques by using available freedom degrees more precisely. Finally, we validate our work by an implementation leading to near-collisions in 2^36 operations.

Category / Keywords: Cryptanalysis, Hash Functions, SHA-3, ECHO-256, Collision attack

Date: received 8 Nov 2010, last revised 8 Nov 2010

Contact author: Jeremy Jean at ens fr

Available formats: PDF | BibTeX Citation

Version: 20101108:125305 (All versions of this report)

Discussion forum: Show discussion | Start new discussion