Cryptology ePrint Archive: Report 2016/827
Security Analysis of BLAKE2's Modes of Operation
Atul Luykx and Bart Mennink and Samuel Neves
Abstract: BLAKE2 is a hash function introduced at ACNS 2013, which has been adopted in many constructions and applications. It is a successor to the SHA-3 finalist BLAKE, which received a significant amount of security analysis. Nevertheless, BLAKE2 introduces sufficient changes so that not all results from BLAKE carry over, meaning new analysis is necessary. To date, all known cryptanalysis done on BLAKE2 has focused on its underlying building blocks, with little focus placed on understanding BLAKE2's generic security. We prove that BLAKE2's compression function is indifferentiable from a random function in a weakly ideal cipher model, which was not the case for BLAKE. This implies that there are no generic attacks against any of the modes that BLAKE2 uses.
Category / Keywords: BLAKE, BLAKE2, hash function, indifferentiability, PRF
Original Publication (with minor differences): IACR-FSE-2017
Date: received 26 Aug 2016, last revised 30 Aug 2016
Contact author: atul luykx at esat kuleuven be, bart mennink@esat kuleuven be, sneves@dei uc pt
Note: Updated IACRtrans class file.
Version: 20160831:055801
Short URL: ia.cr/2016/827