Paper 2022/194

Finding Collisions against 4-round SHA3-384 in Practical Time

Senyang Huang, Orna Agmon Ben-Yehuda, Orr Dunkelman, and Alexander Maximov


The Keccak sponge function family, designed by Bertoni et al. in 2007, was selected by the U.S. National Institute of Standards and Technology (NIST) in 2012 as the next generation of Secure Hash Algorithm (SHA-3). Due to its theoretical and practical importance, cryptanalysis against SHA-3 has attracted an increasing attention. To the best of our knowledge, the most powerful collision attack on SHA-3 up till now is the linearisation technique proposed by Jian Guo et al. However, that technique is infeasible to work on variants with a smaller input space, such as SHA3-384. In this work we improve previous results with three ideas which were not used in previous works against SHA-3. First, in order to reduce constraints and increase flexibility in our solutions, we use 2-block messages instead of 1-block messages. Second, we reduce the connectivity problem into a satisfiability (SAT) problem, instead of applying the linearisation technique. Finally, we consider two new non-random properties of the Keccak non-linear layer and propose an efficient deduce-and-sieve algorithm based on these properties. The resulting collision-finding algorithm on 4-round SHA3-384 has a practical time complexity of $2^{59.64}$ (and memory complexity of $2^{45.93}$). This greatly improves the previous best known collision attack by Dinur et al., whose $2^{147}$ time complexity was far from being practical. Although our attack does not threaten the security margin of the SHA-3 hash function, the tools developed in this paper could be useful in future analysis of other cryptographic primitives and also in development of new and faster SAT solvers.

Available format(s)
Publication info
Preprint. MINOR revision.
SHA-3 hash functioncollision attackdeduce-and-sieve algorithmSAT solver
Contact author(s)
senyang huang @ eit lth se
2022-03-30: last of 4 revisions
2022-02-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Senyang Huang and Orna Agmon Ben-Yehuda and Orr Dunkelman and Alexander Maximov},
      title = {Finding Collisions against 4-round SHA3-384 in Practical Time},
      howpublished = {Cryptology ePrint Archive, Paper 2022/194},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.