Paper 2006/317

Weaknesses of the FORK-256 compression function

Krystian Matusiewicz, Scott Contini, and Josef Pieprzyk

Abstract

This report presents an analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different variants of FORK-256. As a simple application of those observations, we present a method of finding chosen-IV collisions for a variant of FORK-256 reduced to two branches: either 1 and 2, or 3 and 4. Moreover, we show how those differentials can be used in the full FORK-256 to easily find messages with hashes differing by only a relatively small number of bits. We argue that this method allows for finding collisions in the full function with complexity not exceeding $2^{126.6}$ hash evaluations, better than a birthday attack and additionally requiring only a small amount of memory.

Note: Included new results on the full function.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions, cryptanalysis, FORK-256
Contact author(s)
kmatus @ ics mq edu au
History
2006-11-29: last of 3 revisions
2006-09-18: received
Short URL
https://ia.cr/2006/317
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/317,
      author = {Krystian Matusiewicz and Scott Contini and Josef Pieprzyk},
      title = {Weaknesses of the FORK-256 compression function},
      howpublished = {Cryptology ePrint Archive, Paper 2006/317},
      year = {2006},
      note = {\url{https://eprint.iacr.org/2006/317}},
      url = {https://eprint.iacr.org/2006/317}
}