Paper 2013/852

Improved Boomerang Attacks on Round-Reduced SM3 and BLAKE-256

Dongxia Bai and Hongbo Yu and Gaoli Wang and Xiaoyun Wang

Abstract

In this paper we study the security of hash functions SM3 and BLAKE-256 against boomerang attack. SM3 is designed by X. Wang et al. and published by Chinese Commercial Cryptography Administration Office for the use of electronic certification service system in China. BLAKE is one of the five finalists of the NIST SHA-3 competition submitted by J.-P. Aumasson et al. For SM3, we present boomerang distinguishers for the compression function reduced to 34/35/36/37/38 steps out of 64 steps, with time complexities $2^{31.4}$, $2^{33.6}$, $2^{73.4}$, $2^{93}$ and $2^{192}$ respectively. Then we show some incompatible problems existed in the previous boomerang attacks on SM3. Meanwhile, we launch boomerang attacks on up to 7 and 8 rounds keyed permutation of BLAKE-256 which are the first valid $7$-round and $8$-round boomerangs for BLAKE-256. Especially, since our distinguishers on 34/35-step compression function of SM3 and 7-round keyed permutation of BLAKE-256 are practical, we are able to obtain boomerang quartets of these attacks. As far as we know, these are the best results against round-reduced SM3 and BLAKE-256.