Cryptology ePrint Archive: Report 2010/043

Differential and invertibility properties of BLAKE (full version)

Jean-Philippe Aumasson and Jian Guo and Simon Knellwolf and Krystian Matusiewicz and Willi Meier

Abstract: BLAKE is a hash function selected by NIST as one of the 14 second round candidates for the SHA-3 Competition. In this paper, we follow a bottom-up approach to exhibit properties of BLAKE and of its building blocks: based on differential properties of the internal function G, we show that a round of BLAKE is a permutation on the message space, and present an efficient inversion algorithm. For 1.5 rounds we present an algorithm that finds preimages faster than in previous attacks. Discovered properties lead us to describe large classes of impossible differentials for two rounds of BLAKE’s internal permutation, and particular impossible differentials for five and six rounds, respectively for BLAKE- 32 and BLAKE-64. Then, using a linear and rotation-free model, we describe near-collisions for four rounds of the compression function. Finally, we discuss the problem of establishing upper bounds on the probability of differential characteristics for BLAKE.

Category / Keywords: secret-key cryptography / BLAKE, cryptanalysis, hash functions, SHA-3

Publication Info: Full version of paper presented at FSE 2010.

Date: received 29 Jan 2010, last revised 6 May 2010

Contact author: jeanphilippe aumasson at gmail com

Available format(s): PDF | BibTeX Citation

Note: Corrected near-collision attack, with revised complexity 2^56.

Version: 20100506:084430 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]