Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function

  • Jérémy Jean
  • Pierre-Alain Fouque
Conference paper

DOI: 10.1007/978-3-642-21702-9_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6733)
Cite this paper as:
Jean J., Fouque PA. (2011) Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function. In: Joux A. (eds) Fast Software Encryption. FSE 2011. Lecture Notes in Computer Science, vol 6733. Springer, Berlin, Heidelberg


In this paper, we present new results on the second-round SHA-3 candidate ECHO. We describe a method to construct a collision in the compression function of ECHO-256 reduced to four rounds in 252 operations on AES-columns without significant memory requirements. Our attack uses the most recent analyses on ECHO, in particular the SuperSBox and SuperMixColumns layers to utilize efficiently the available freedom degrees. We also show why some of these results are flawed and we propose a solution to fix them. Our work improves the time and memory complexity of previous known techniques by using available freedom degrees more precisely. Finally, we validate our work by an implementation leading to near-collisions in 236 operations for the 4-round compression function.


Cryptanalysis Hash Functions SHA-3 ECHO-256 Collision attack 

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jérémy Jean
    • 1
  • Pierre-Alain Fouque
    • 1
  1. 1.Ecole Normale SupérieureParis Cedex 05France

Personalised recommendations