eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2014/1012

The Boomerang Attacks on BLAKE and BLAKE2

Yonglin Hao


n this paper, we study the security margins of hash functions BLAKE and BLAKE2 against the boomerang attack. We launch boomerang attacks on all four members of BLAKE and BLAKE2, and compare their complexities. We propose 8.5-round boomerang attacks on both BLAKE-512 and BLAKE2b with complexities $2^{464}$ and $2^{474}$ respectively. We also propose 8-round attacks on BLAKE-256 with complexity $2^{198}$ and 7.5-round attacks on BLAKE2s with complexity $2^{184}$. We verify the correctness of our analysis by giving practical 6.5-round Type I boomerang quartets for each member of BLAKE and BLAKE2. According to our analysis, some tweaks introduced by BLAKE2 have increased its resistance against boomerang attacks to a certain extent. But on the whole, BLAKE still has higher a secure margin than BLAKE2.

Note: My first study on Hash Functions

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. Inscrypt 2014
CryptanalysisBoomerangBLAKEBLAKE2Message ModificationDifferential Characteristics
Contact author(s)
haoyl14 @ mails tsinghua edu cn
2014-12-26: received
Short URL
Creative Commons Attribution


      author = {Yonglin Hao},
      title = {The Boomerang Attacks on BLAKE and BLAKE2},
      howpublished = {Cryptology ePrint Archive, Paper 2014/1012},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/1012}},
      url = {https://eprint.iacr.org/2014/1012}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.