Analysis of BLAKE2

  • Jian Guo
  • Pierre Karpman
  • Ivica Nikolić
  • Lei Wang
  • Shuang Wu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8366)

Abstract

We present a thorough security analysis of the hash function family BLAKE2, a recently proposed and already in use tweaked version of the SHA-3 finalist BLAKE. We study how existing attacks on BLAKE apply to BLAKE2 and to what extent the modifications impact the attacks. We design and run two improved searches for (impossible) differential attacks — the outcomes suggest higher number of attacked rounds in the case of impossible differentials (in fact we improve the best results for BLAKE as well), and slightly higher for the differential attacks on the hash/compression function (which gives an insight into the quality of the tweaks). We emphasize the importance of each of the modifications, in particular we show that an improper initialization could lead to collisions and near-collisions for the full-round compression function. We analyze the permutation of the new hash function and give rotational attacks and internal differentials for the whole design. We conclude that the tweaks in BLAKE2 were chosen properly and, despite having weaknesses in the theoretical attack frameworks of permutations and of fully-chosen state input compression functions, the hash function of BLAKE2 has only slightly lower (in terms of attacked rounds) security margin than BLAKE.

Keywords

BLAKE2 BLAKE hash function rotational cryptanalysis impossible differential cryptanalysis differential cryptanalysis internal differential iterative differential 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aumasson, J.P., Guo, J., Knellwolf, S., Matusiewicz, K., Meier, W.: Differential and Invertibility Properties of BLAKE. In: [21], pp. 318–332Google Scholar
  2. 2.
    Aumasson, J.P., Henzen, L., Meier, W., Phan, R.C.W.: SHA-3 proposal BLAKE, version 1.3 (2008), https://131002.net/blake/
  3. 3.
    Aumasson, J.-P., Meier, W., Phan, R.C.-W.: The Hash Function Family LAKE. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 36–53. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Aumasson, J.-P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: BLAKE2: Simpler, Smaller, Fast as MD5. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 119–135. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  5. 5.
    Aumasson, J.P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: BLAKE2: simpler, smaller, fast as MD5 — version 2013.01.29 (2013), https://blake2.net/
  6. 6.
    Aumasson, J.P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: The BLAKE2 website (May 2013), https://blake2.net
  7. 7.
    Bernstein, D.J.: ChaCha, a variant of Salsa20 (2008), http://cr.yp.to/chacha.html.
  8. 8.
    Bernstein, D.J.: The Salsa20 Family of Stream Ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 84–97. Springer, Heidelberg (2008), http://cr.yp.to/snuffle.html CrossRefGoogle Scholar
  9. 9.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Kceccak reference (January 2011), http://keccak.noekeon.org/
  10. 10.
    Biham, E., Dunkelman, O.: A Framework for Iterative Hash Functions - HAIFA. IACR Cryptology ePrint Archive 2007, 278 (2007)Google Scholar
  11. 11.
    Biryukov, A., et al.: Cryptanalysis of the LAKE Hash Family. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 156–179. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Biryukov, A., Nikolić, I., Roy, A.: Boomerang Attacks on BLAKE-32. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 218–237. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    De Cannière, C., Rechberger, C.: Finding SHA-1 Characteristics: General Results and Applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Chang, S.J., Perlner, R., Burr, W.E., Turan, M.S., Kelsey, J.M., Paul, S., Bassham, L.E.: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition. NIST Interagency Report 7896 (2012)Google Scholar
  15. 15.
    Dinur, I., Dunkelman, O., Shamir, A.: Self-Differential Cryptanalysis of Up to 5 Rounds of SHA-3. IACR Cryptology ePrint Archive 2012, 672 (2012)Google Scholar
  16. 16.
    Dinur, I., Dunkelman, O., Shamir, A.: Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials. In: FSE (2013)Google Scholar
  17. 17.
    Dunkelman, O., Khovratovich, D.: Iterative Differentials, Symmetries, and Message Modification in BLAKE-256. In: ECRYPT2 Hash Workshop (2011)Google Scholar
  18. 18.
    Guo, J., Karpman, P., Nikolić, I., Wang, L., Wu, S.: Analysis of BLAKE2. IACR Cryptology ePrint Archive 2013, 467 (2013)Google Scholar
  19. 19.
    Guo, J., Matusiewicz, K.: Round-reduced near-collisions of BLAKE-32. In: WEWoRC (2009), http://guo.crypto.sg/blake-col.pdf
  20. 20.
    Guo, J., Thomsen, S.S.: Deterministic Differential Properties of the Compression Function of BMW. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 338–350. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147. Springer, Heidelberg (2010)Google Scholar
  22. 22.
    Khovratovich, D., Nikolić, I.: Rotational Cryptanalysis of ARX. In: [21], pp. 333–346Google Scholar
  23. 23.
    Li, J., Xu, L.: Attacks on Round-Reduced BLAKE. IACR Cryptology ePrint Archive 2009, 238 (2009), https://eprint.iacr.org/2009/238
  24. 24.
    Peyrin, T.: Improved Differential Attacks for ECHO and Grøstl. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 370–392. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Vidali, J., Nose, P., Pasalic, E.: Collisions for variants of the BLAKE hash function. Inf. Process. Lett. 110(14-15), 585–590 (2010)CrossRefMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jian Guo
    • 1
  • Pierre Karpman
    • 1
    • 2
  • Ivica Nikolić
    • 1
  • Lei Wang
    • 1
  • Shuang Wu
    • 1
  1. 1.Nanyang Technological UniversitySingapore
  2. 2.École normale supérieure de RennesFrance

Personalised recommendations