Analysis of BLAKE2

  • Conference paper
Topics in Cryptology – CT-RSA 2014 (CT-RSA 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8366)

Abstract

We present a thorough security analysis of the hash function family BLAKE2, a recently proposed and already deployed tweaked version of the SHA-3 finalist BLAKE. We study how existing attacks on BLAKE apply to BLAKE2 and to what extent the modifications affect those attacks. We design and run two improved searches for (impossible) differential attacks; the outcomes suggest a higher number of attacked rounds in the case of impossible differentials (in fact, we improve the best results for BLAKE as well), and a slightly higher number for the differential attacks on the hash/compression function (which gives an insight into the quality of the tweaks). We emphasize the importance of each of the modifications; in particular, we show that an improper initialization could lead to collisions and near-collisions for the full-round compression function. We analyze the permutation of the new hash function and give rotational attacks and internal differentials for the whole design. We conclude that the tweaks in BLAKE2 were chosen properly and that, despite weaknesses in the theoretical attack frameworks of permutations and of fully-chosen state input compression functions, the hash function of BLAKE2 has only a slightly lower security margin (in terms of attacked rounds) than BLAKE.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Guo, J., Karpman, P., Nikolić, I., Wang, L., Wu, S. (2014). Analysis of BLAKE2. In: Benaloh, J. (eds) Topics in Cryptology – CT-RSA 2014. CT-RSA 2014. Lecture Notes in Computer Science, vol 8366. Springer, Cham. https://doi.org/10.1007/978-3-319-04852-9_21

  • DOI: https://doi.org/10.1007/978-3-319-04852-9_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04851-2

  • Online ISBN: 978-3-319-04852-9

  • eBook Packages: Computer Science, Computer Science (R0)
