Cryptanalysis of Vortex

  • Jean-Philippe Aumasson
  • Orr Dunkelman
  • Florian Mendel
  • Christian Rechberger
  • Søren S. Thomsen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5580)


Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J.J., Kelsey, J., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 270–288. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  3. 3.
    Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Ferguson, N.: Simple correlation on some of the output bits of Vortex. OFFICIAL COMMENT (local link) (2008),
  5. 5.
    Gueron, S., Kounavis, M.E.: Vortex: A new family of one-way hash functions based on AES rounds and carry-less multiplication. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 331–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Knudsen, L.R., Mendel, F., Rechberger, C., Thomsen, S.S.: Cryptanalysis of MDC-2. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, pp. 106–120. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Kounavis, M.: Vortex – a new family of one way hash functions based on Rijndael rounds and carry-less multiplication. In: Candidate presentation at the First SHA-3 Conference (February 2009),
  8. 8.
    Kounavis, M., Gueron, S.: Vortex: A new family of one way hash functions based on Rijndael rounds and carry-less multiplication. In: NIST (2008) (submission),
  9. 9.
    Lai, X., Massey, J.L.: Hash function based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  10. 10.
    Meyer, C.H., Schilling, M.: Secure program load with manipulation detection code. In: SECURICOM 1988, pp. 111–130 (1988)Google Scholar
  11. 11.
    Motwani, R., Raghavan, P.: Randomized Algorithms. Cambridge University Press, Cambridge (1995)CrossRefMATHGoogle Scholar
  12. 12.
    Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29–40. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jean-Philippe Aumasson
    • 1
  • Orr Dunkelman
    • 2
  • Florian Mendel
    • 3
  • Christian Rechberger
    • 3
  • Søren S. Thomsen
    • 4
  1. 1.FHNW, WindischSwitzerland
  2. 2.École Normale SupérieureParisFrance
  3. 3.IAIK, Graz University of TechnologyAustria
  4. 4.DTU MathematicsTechnical University of DenmarkDenmark

Personalised recommendations