Boomerang Attacks on BLAKE-32
We present high probability differential trails on 2 and 3 rounds of BLAKE-32. Using the trails we are able to launch boomerang attacks on up to 8 round-reduced keyed permutation of BLAKE-32. Also, we show that boomerangs can be used as distinguishers for hash/compression functions and present such distinguishers for the compression function of BLAKE-32 reduced to 7 rounds. Since our distinguishers on up to 6 round-reduced keyed permutation of BLAKE-32 are practical (complexity of only 212 encryptions), we are able to find boomerang quartets on a PC.
KeywordsSHA-3 competition hash function BLAKE boomerang attack cryptanalysis
- 2.Aumasson, J.-P., Henzen, L., Meier, W., Phan, R.C.-W.: SHA-3 proposal BLAKE. Submission to NIST (2008)Google Scholar
- 3.Ji, L., Liangyu, X.: Attacks on round-reduced BLAKE. Cryptology ePrint Archive, Report 2009/238 (2009), http://eprint.iacr.org/2009/238.pdf
- 6.National Institute of Standards and Technology. Cryptographic hash algorithm competition, http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
- 7.Su, B., Wu, W., Wu, S., Dong, L.: Near-collisions on the reduced-round compression functions of Skein and BLAKE. Cryptology ePrint Archive, Report 2010/355 (2010), http://eprint.iacr.org/2010/355.pdf