Paper 2019/147

Practical Collision Attacks against Round-Reduced SHA-3

Jian Guo, Guohong Liao, Guozhen Liu, Meicheng Liu, Kexin Qiao, and Ling Song


The KECCAK hash function is the winner of the SHA-3 competition (2008 -- 2012) and became the SHA-3 standard of NIST in 2015. In this paper, we focus on practical collision attacks against round-reduced SHA-3 and some KECCAK variants. Following the framework developed by Dinur et al. at FSE~2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend the connectors to up to three rounds and hence achieve collision attacks for up to 6 rounds. The extension is possible thanks to the large degree of freedom of the wide internal state. By linearizing S-boxes of the first round, the problem of finding solutions of 2-round connectors is converted to that of solving a system of linear equations. When linearization is applied to the first two rounds, 3-round connectors become possible. However, due to the quick reduction in the degree of freedom caused by linearization, the connector succeeds only when the 3-round differential trails satisfy some additional conditions. We develop dedicated strategies for searching differential trails and find that such special differential trails indeed exist. To summarize, we obtain the first real collisions on six instances, including three round-reduced instances of SHA-3, namely 5-round SHAKE128, SHA3-224, and SHA3-256, and three instances of KECCAK contest, namely KECCAK[$1440,160,5,160$], KECCAK[$640,160,5,160$] and KECCAK[$1440,160,6,160$], improving the number of practically attacked rounds by two. It is remarked that the work here is still far from threatening the security of the full 24-round SHA-3 family.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in JOC 2019
Cryptanalysishash functionSHA-3KECCAKcollisionlinearizationdifferentialGPU
Contact author(s)
guojian @ ntu edu sg
liaogh cs @ gmail com
liuguozhen @ sjtu edu cn
meicheng liu @ gmail com
qiaokexin @ bctest com
songling qs @ gmail com
2019-02-20: received
Short URL
Creative Commons Attribution


      author = {Jian Guo and Guohong Liao and Guozhen Liu and Meicheng Liu and Kexin Qiao and Ling Song},
      title = {Practical Collision Attacks against Round-Reduced SHA-3},
      howpublished = {Cryptology ePrint Archive, Paper 2019/147},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.