**Collision Attacks on NaSHA-384/512**

*Zhimin Li, Licheng Wang, Daofeng Li, Yixian Yang*

**Abstract: **NaSHA is a family of hash functions submitted by Markovski and
Mileva as a SHA-3 candidate. In this paper, we present a collision
attack on the hash function NaSHA for the output sizes 384-bit and
512-bit. This attack is based on the the weakness in the generate
course of the state words and the fact that the quasigroup operation
used in the compression function is only determined by partial state
words. Its time complexity is about $2^{128}$ with negligible memory
and its probability is more than $(1- \frac{2}{{2^{64} - 1}})^2$
($\gg \frac{1}{2}$). This is currently by far the best known
cryptanalysis result on this SHA-3 candidate.

**Category / Keywords: **Hash function, NaSHA-384, NaSHA-512, collision attack

**Date: **received 11 Jan 2009, last revised 16 Jun 2009

**Contact author: **lizhimin1981 at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20090616:080348 (All versions of this report)

**Short URL: **ia.cr/2009/026

[ Cryptology ePrint archive ]