An Improved Algebraic Attack on Hamsi-256

  • Itai Dinur
  • Adi Shamir
Conference paper

DOI: 10.1007/978-3-642-21702-9_6

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6733)
Cite this paper as:
Dinur I., Shamir A. (2011) An Improved Algebraic Attack on Hamsi-256. In: Joux A. (eds) Fast Software Encryption. FSE 2011. Lecture Notes in Computer Science, vol 6733. Springer, Berlin, Heidelberg


Hamsi is one of the 14 second-stage candidates in NIST’s SHA-3 competition. The only previous attack on this hash function was a very marginal attack on its 256-bit version published by Thomas Fuhr at Asiacrypt 2010, which is better than generic attacks only for very short messages of fewer than 100 32-bit blocks, and is only 26 times faster than a straightforward exhaustive search attack. In this paper we describe a different algebraic attack which is less marginal: It is better than the best known generic attack for all practical message sizes (up to 4 gigabytes), and it outperforms exhaustive search by a factor of at least 512. The attack is based on the observation that in order to discard a possible second preimage, it suffices to show that one of its hashed output bits is wrong. Since the output bits of the compression function of Hamsi-256 can be described by low degree polynomials, it is actually faster to compute a small number of output bits by a fast polynomial evaluation technique rather than via the official algorithm.
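The filtering idea described in the abstract, as an added example that is not code from the paper: a constructed 8-bit toy function (not Hamsi) whose output bits are low-degree polynomials over GF(2), where a candidate is discarded as soon as one output bit is wrong. The binary Möbius transform used here to evaluate an output bit on all inputs at once is an assumed stand-in, since the abstract does not say which fast polynomial evaluation technique the authors use.

```python
# Constructed toy example: NOT Hamsi and not the paper's algorithm.
N = 8  # number of input bits of the toy function (assumption)

# Each output bit is a GF(2) polynomial of degree <= 3 (constructed values).
# A monomial is a bitmask of the variables it multiplies; 0 is the constant 1.
OUTPUT_POLYS = [
    [0b00000011, 0b00010100, 0b10000000, 0b01100001],
    [0b00000110, 0b01001000, 0b00000001, 0],
    [0b11100000, 0b00001001, 0b00010000],
    [0b00101010, 0b10000001, 0b00000100, 0],
]

def eval_bit(monomials, x):
    """Direct evaluation of one output bit at a single input x."""
    return sum((x & m) == m for m in monomials) & 1

def full_output(x):
    """Reference path: compute every output bit of the toy function."""
    return [eval_bit(p, x) for p in OUTPUT_POLYS]

def eval_bit_everywhere(monomials, n=N):
    """Truth table of one output bit on all 2^n inputs (binary Moebius transform)."""
    table = [0] * (1 << n)
    for m in monomials:
        table[m] ^= 1  # start from the ANF coefficient vector
    for i in range(n):
        step = 1 << i
        for x in range(1 << n):
            if x & step:
                table[x] ^= table[x ^ step]  # fold in the sub-monomial sums
    return table

def filter_candidates(target_bits, n=N):
    """Discard candidates one output bit at a time; most never reach later bits."""
    survivors = list(range(1 << n))
    counts = []  # candidates still alive before each output bit is checked
    for poly, want in zip(OUTPUT_POLYS, target_bits):
        counts.append(len(survivors))
        table = eval_bit_everywhere(poly, n)
        survivors = [x for x in survivors if table[x] == want]
    return survivors, counts

if __name__ == "__main__":
    target = full_output(0xA5)  # constructed target digest
    survivors, counts = filter_candidates(target)
    print("alive before each bit:", counts, "final survivors:", len(survivors))
```

Only the candidates left in `survivors` need the full reference computation.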


Keywords: Algebraic attacks, second preimages, hash functions, Hamsi

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Itai Dinur (1)
  • Adi Shamir (1)
  1. Computer Science Department, The Weizmann Institute, Rehovot, Israel
