Practical Collisions for SHAMATA-256

  • Sebastiaan Indesteege
  • Florian Mendel
  • Bart Preneel
  • Martin Schläffer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5867)


In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function design with components of the AES, and it is one of the fastest submitted hash functions. In our attack, we show weaknesses in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed by the message expansion and non-linear part of the state update function. This allows us to find a differential path with a complexity of about 296 for SHAMATA-256 and about 2110 for SHAMATA-512, using a linear low-weight codeword search. Using an efficient guess-and-determine technique we can significantly improve the complexity of this differential path for SHAMATA-256. With a complexity of about 240 we are even able to construct practical collisions for the full hash function SHAMATA-256.


SHAMATA SHA-3 candidate hash function collision attack 


  1. 1.
    Atalay, A., Kara, O., Karakoç, F., Manap, C.: SHAMATA Hash Function Algorithm Specifications. Submission to NIST (2008),,
  2. 2.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: Sponge functions. In: ECRYPT Hash Workshop, Barcelona, Spain, May 24-25 (2007),
  3. 3.
    Canteaut, A., Chabaud, F.: A New Algorithm for Finding Minimum-Weight Words in a Linear Code: Application to McEliece’s Cryptosystem and to Narrow-Sense BCH Codes of Length 511. IEEE Transactions on Information Theory 44(1), 367–378 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Daemen, J., Assche, G.V.: Producing Collisions for Panama, Instantaneously. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 1–18. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Daemen, J., Clapp, C.S.K.: Fast Hashing and Stream Encryption with PANAMA. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 60–74. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES — The Advanced Encryption Standard. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  7. 7.
    National Institute of Standards and Technology: Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. Federal Register 27(212), 62212–62220 (November 2007),
  8. 8.
    Pramstaller, N., Rechberger, C., Rijmen, V.: Exploiting Coding Theory for Collision Attacks on SHA-1. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 78–95. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58–71. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Rijmen, V., Van Rompay, B., Preneel, B., Vandewalle, J.: Producing Collisions for PANAMA. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 37–51. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Sebastiaan Indesteege
    • 1
    • 2
  • Florian Mendel
    • 3
  • Bart Preneel
    • 1
    • 2
  • Martin Schläffer
    • 3
  1. 1.Department of Electrical Engineering ESAT/COSICKatholieke Universiteit Leuven.HeverleeBelgium
  2. 2.Interdisciplinary Institute for BroadBand Technology (IBBT)Belgium
  3. 3.Institute for Applied Information Processing and CommunicationsGrazAustria

Personalised recommendations