Paper 2011/286

Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family

Dmitry Khovratovich, Christian Rechberger, and Alexandra Savelieva


We present the new concept of biclique as a tool for preimage attacks, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions. The new tool has proved to be widely applicable by inspiring many authors to publish new results of the full versions of AES, KASUMI, IDEA, Square, and others. In this paper, we demonstrate how our concept results in the first cryptanalysis of the Skein hash function, and describe an attack on the SHA-2 hash function with more rounds than before.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
khovratovich @ gmail com
christian rechberger @ groestl info
alexandra savelieva @ gmail com
2012-02-07: revised
2011-06-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dmitry Khovratovich and Christian Rechberger and Alexandra Savelieva},
      title = {Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family},
      howpublished = {Cryptology ePrint Archive, Paper 2011/286},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.