Advertisement

Differential and Invertibility Properties of BLAKE

  • Jean-Philippe Aumasson
  • Jian Guo
  • Simon Knellwolf
  • Krystian Matusiewicz
  • Willi Meier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6147)

Abstract

BLAKE is a hash function selected by NIST as one of the 14 second round candidates for the SHA-3 Competition. In this paper, we follow a bottom-up approach to exhibit properties of BLAKE and of its building blocks: based on differential properties of the internal function G, we show that a round of BLAKE is a permutation on the message space, and present an efficient inversion algorithm. For 1.5 rounds we present an algorithm that finds preimages faster than in previous attacks. Discovered properties lead us to describe large classes of impossible differentials for two rounds of BLAKE’s internal permutation, and particular impossible differentials for five and six rounds, respectively for BLAKE-32 and BLAKE-64. Then, using a linear and rotation-free model, we describe near-collisions for four rounds of the compression function.

Keywords

cryptanalysis hash functions SHA-3 

References

  1. 1.
    Aumasson, J.P., Guo, J., Knellwolf, S., Meier, W., Matusiewicz, K.: Differential and invertibility properties of BLAKE (full version). Cryptology ePrint Archive, Report 2010/043 (2010)Google Scholar
  2. 2.
    Aumasson, J.P., Henzen, L., Meier, W., Phan, R.C.W.: SHA-3 proposal BLAKE. Submission to the SHA-3 Competition (2008)Google Scholar
  3. 3.
    Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. Cryptology ePrint Archive, Report 2007/278 (2007)Google Scholar
  4. 4.
    Bernstein, D.J.: ChaCha, a variant of Salsa20, http://cr.yp.to/chacha.html
  5. 5.
    Ji, L., Liangyu, X.: Attacks on round-reduced BLAKE. Cryptology ePrint Archive, Report 2009/238 (2009)Google Scholar
  6. 6.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the middle attacks on IDEA and Khufu. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Knudsen, L.R.: DEAL - a 128-bit block cipher. Technical Report 151, University of Bergen (1998); Submitted as an AES candidateGoogle Scholar
  8. 8.
    Jakimoski, G., Desmedt, Y.: Related-key differential cryptanalysis of 192-bit key AES variants. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 208–221. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Biham, E., Dunkelman, O., Keller, N.: Related-key impossible differential attacks on 8-round aes-192. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 21–33. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jean-Philippe Aumasson
    • 1
  • Jian Guo
    • 2
  • Simon Knellwolf
    • 3
  • Krystian Matusiewicz
    • 4
  • Willi Meier
    • 3
  1. 1.Nagravision SACheseauxSwitzerland
  2. 2.Nanyang Technological UniversitySingapore
  3. 3.FHNW, WindischSwitzerland
  4. 4.Technical University of DenmarkDenmark

Personalised recommendations