Cryptanalysis of Vortex

  • Jean-Philippe Aumasson
  • Orr Dunkelman
  • Florian Mendel
  • Christian Rechberger
  • Søren S. Thomsen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5580)


Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.


Hash Function Block Cipher Compression Function Message Block Collision Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J.J., Kelsey, J., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 270–288. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  3. 3.
    Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Ferguson, N.: Simple correlation on some of the output bits of Vortex. OFFICIAL COMMENT (local link) (2008),
  5. 5.
    Gueron, S., Kounavis, M.E.: Vortex: A new family of one-way hash functions based on AES rounds and carry-less multiplication. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 331–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Knudsen, L.R., Mendel, F., Rechberger, C., Thomsen, S.S.: Cryptanalysis of MDC-2. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, pp. 106–120. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Kounavis, M.: Vortex – a new family of one way hash functions based on Rijndael rounds and carry-less multiplication. In: Candidate presentation at the First SHA-3 Conference (February 2009),
  8. 8.
    Kounavis, M., Gueron, S.: Vortex: A new family of one way hash functions based on Rijndael rounds and carry-less multiplication. In: NIST (2008) (submission),
  9. 9.
    Lai, X., Massey, J.L.: Hash function based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  10. 10.
    Meyer, C.H., Schilling, M.: Secure program load with manipulation detection code. In: SECURICOM 1988, pp. 111–130 (1988)Google Scholar
  11. 11.
    Motwani, R., Raghavan, P.: Randomized Algorithms. Cambridge University Press, Cambridge (1995)CrossRefzbMATHGoogle Scholar
  12. 12.
    Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29–40. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jean-Philippe Aumasson
    • 1
  • Orr Dunkelman
    • 2
  • Florian Mendel
    • 3
  • Christian Rechberger
    • 3
  • Søren S. Thomsen
    • 4
  1. 1.FHNW, WindischSwitzerland
  2. 2.École Normale SupérieureParisFrance
  3. 3.IAIK, Graz University of TechnologyAustria
  4. 4.DTU MathematicsTechnical University of DenmarkDenmark

Personalised recommendations