Fast Software Encryption

Volume 6733 of the series Lecture Notes in Computer Science pp 218-237

Boomerang Attacks on BLAKE-32

  • Alex BiryukovAffiliated withUniversity of Luxembourg
  • , Ivica NikolićAffiliated withUniversity of Luxembourg
  • , Arnab RoyAffiliated withUniversity of Luxembourg


We present high probability differential trails on 2 and 3 rounds of BLAKE-32. Using the trails we are able to launch boomerang attacks on up to 8 round-reduced keyed permutation of BLAKE-32. Also, we show that boomerangs can be used as distinguishers for hash/compression functions and present such distinguishers for the compression function of BLAKE-32 reduced to 7 rounds. Since our distinguishers on up to 6 round-reduced keyed permutation of BLAKE-32 are practical (complexity of only 212 encryptions), we are able to find boomerang quartets on a PC.


SHA-3 competition hash function BLAKE boomerang attack cryptanalysis