Message Recovery and Pseudo-preimage Attacks on the Compression Function of Hamsi-256

  • Çağdaş Çalık
  • Meltem Sönmez Turan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6212)


Hamsi is one of the second round candidates of the SHA-3 competition. In this study, we present non-random differential properties for the compression function of Hamsi-256. Based on these properties, we first demonstrate a distinguishing attack that requires a few evaluations of the compression function. Then, we present a message recovery attack with a complexity of $2^{10.48}$ compression function evaluations. Also, we present a pseudo-preimage attack for the compression function with complexity $2^{254.25}$.


Keywords: Hash functions, SHA-3 competition, pseudo-preimage attacks





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Çağdaş Çalık (1)
  • Meltem Sönmez Turan (2)
  1. Institute of Applied Mathematics, Middle East Technical University, Turkey
  2. Computer Security Division, National Institute of Standards and Technology, USA
