International Workshop on Fast Software Encryption

FSE 2011: Fast Software Encryption pp 68-87

Analysis of Reduced-SHAvite-3-256 v2

  • Marine Minier
  • María Naya-Plasencia
  • Thomas Peyrin
Conference paper

DOI: 10.1007/978-3-642-21702-9_5

Volume 6733 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Minier M., Naya-Plasencia M., Peyrin T. (2011) Analysis of Reduced-SHAvite-3-256 v2. In: Joux A. (eds) Fast Software Encryption. FSE 2011. Lecture Notes in Computer Science, vol 6733. Springer, Berlin, Heidelberg


In this article, we provide the first independent analysis of the (2nd-round tweaked) 256-bit version of the SHA-3 candidate SHAvite-3. By leveraging recently introduced cryptanalysis tools such as rebound attack or Super-Sbox cryptanalysis, we are able to derive chosen-related-salt distinguishing attacks on the compression function on up to 8 rounds (12 rounds in total) and free-start collisions on up to 7 rounds. In particular, our best results are obtained by carefully controlling the differences in the key schedule of the internal cipher. Most of our results have been implemented and verified experimentally.


rebound attackSuper-SboxdistinguisherSHAvite-3SHA-3
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Marine Minier
    • 1
  • María Naya-Plasencia
    • 2
  • Thomas Peyrin
    • 3
  1. 1.Université de Lyon, INRIA, CITIFrance
  2. 2.FHNWWindischSwitzerland
  3. 3.Nanyang Technological UniversitySingapore