Collisions for the WIDEA-8 Compression Function

  • Florian Mendel
  • Vincent Rijmen
  • Deniz Toz
  • Kerem Varıcı
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7779)


WIDEA is a family of block ciphers inspired by the IDEA block cipher. The design uses n-parallel instances of IDEA with an improved key schedule to obtain block ciphers with larger block sizes. Moreover, the given design is suggested as the compression function for Davies-Meyer mode. In this paper, we discuss the security of the block cipher when used as a compression function. Inspired by the weak key attacks on IDEA, we take the advantage of slow diffusion mechanism of the key schedule and present free-start collisions for WIDEA-8 which is the specified version by designers. Our results are practical and we are able to obtain free-start collisions with a complexity of 213.53.


hash functions cryptanalysis WIDEA-8 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Secure Hash Standard. Federal Information Processing Standard 180-4. National Institute of Standards and Technology (2012),
  2. 2.
    Aumasson, J.P., Henzen, L., Meier, W., Phan, R.C.W.: SHA-3 proposal BLAKE. Submission to NIST (Round 3) (2010),
  3. 3.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak SHA-3 submission. Submission to NIST (Round 3) (2011),
  4. 4.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the Middle Attacks on IDEA and Khufu. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Biham, E., Dunkelman, O., Keller, N.: New Cryptanalytic Results on IDEA. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 412–427. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Dunkelman, O., Keller, N.: A New Attack on 6-Round IDEA. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 211–224. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Biham, E., Dunkelman, O., Keller, N., Shamir, A.: New Data-Efficient Attacks on Reduced-Round IDEA. IACR Cryptology ePrint Archive 2011, 417 (2011)Google Scholar
  8. 8.
    Biryukov, A., Lamberger, M., Mendel, F., Nikolić, I.: Second-Order Differential Collisions for Reduced SHA-256. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 270–287. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Biryukov, A., Nakahara Jr, J., Preneel, B., Vandewalle, J.: New Weak-Key Classes of IDEA. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 315–326. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Borst, J., Knudsen, L.R., Rijmen, V.: Two Attacks on Reduced IDEA. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 1–13. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  11. 11.
    Daemen, J., Govaerts, R., Vandewalle, J.: Weak Keys for IDEA. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 224–231. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  12. 12.
    Davies, D., Price, W.: Digital signatures, an update. In: 5th International Conference on Computer Communication, pp. 845–849 (1994)Google Scholar
  13. 13.
    Demirci, H.: Square-like Attacks on Reduced Rounds of IDEA. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 147–159. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein Hash Function Family. Submission to NIST (Round 3) (2010),
  15. 15.
    Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl – a SHA-3 candidate. Submission to NIST (Round 3) (2011),
  16. 16.
    Hawkes, P.: Differential-Linear Weak Key Classes of IDEA. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 112–126. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Junod, P.: New Attacks Against Reduced-Round Versions of IDEA. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 384–397. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Junod, P., Macchetti, M.: Revisiting the IDEA Philosophy. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 277–295. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Khovratovich, D., Leurent, G., Rechberger, C.: Narrow-Bicliques: Cryptanalysis of Full IDEA. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 392–410. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  20. 20.
    Lai, X., Massey, J.L.: A Proposal for a New Block Encryption Standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  21. 21.
    Lamberger, M., Mendel, F.: Higher-Order Differential Attack on Reduced SHA-256. Cryptology ePrint Archive, Report 2011/037 (2011),
  22. 22.
    Wei, L., Peyrin, T., Sokołowski, P., Ling, S., Pieprzyk, J., Wang, H.: On the (In)Security of IDEA in Various Hashing Modes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 163–179. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  23. 23.
    Wu, H.: The Hash Function JH. Submission to NIST (round 3) (2011),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Florian Mendel
    • 1
  • Vincent Rijmen
    • 2
  • Deniz Toz
    • 2
  • Kerem Varıcı
    • 2
  1. 1.IAIKGraz University of TechnologyAustria
  2. 2.ESAT/COSIC and iMindsKU LeuvenBelgium

Personalised recommendations