Collision Attack on the Hamsi-256 Compression Function

  • Mario Lamberger
  • Florian Mendel
  • Vincent Rijmen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7668)


Hamsi-256 is a cryptographic hash functions submitted by Küçük to the NIST SHA-3 competition in 2008. It was selected by NIST as one of the 14 round 2 candidates in 2009. Even though Hamsi-256 did not make it to the final round in 2010 it is still an interesting target for cryptanalysts. Since Hamsi-256 has been proposed, it received a great deal of cryptanalysis. Besides the second-preimage attacks on the hash function, most cryptanalysis focused on non-random properties of the compression function or output transformation of Hamsi-256. Interestingly, the collision resistance of the hash or compression function got much less attention. In this paper, we present a collision attack on the Hamsi-256 compression function with a complexity of about 2124.1.


hash function differential cryptanalysis collision attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumasson, J.-P., Käsper, E., Knudsen, L.R., Matusiewicz, K., Ødegård, R., Peyrin, T., Schläffer, M.: Distinguishers for the Compression Function and Output Transformation of Hamsi-256. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 87–103. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Anderson, R., Knudsen, L.: Serpent: A New Block Cipher Proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Boura, C., Canteaut, A.: Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 1–17. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)zbMATHGoogle Scholar
  6. 6.
    Çalık, Ç., Turan, M.S.: Message Recovery and Pseudo-preimage Attacks on the Compression Function of Hamsi-256. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 205–221. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Damgård, I.: A Design Principle for Hash Functions. In: Brassard [5], pp. 416–427Google Scholar
  8. 8.
    Dinur, I., Shamir, A.: An Improved Algebraic Attack on Hamsi-256. Cryptology ePrint Archive, Report 2010/602 (2010),
  9. 9.
    Dinur, I., Shamir, A.: An Improved Algebraic Attack on Hamsi-256. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 88–106. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Fuhr, T.: Finding Second Preimages of Short Messages for Hamsi-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 20–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Joux, A., Peyrin, T.: Hash Functions and the (Amplified) Boomerang Attack. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 244–263. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Küçük, Ö.: The Hash Function Hamsi. Submission to NIST (updated) (2009)Google Scholar
  13. 13.
    Küçük, Ö.: Design and Analysis of Cryptographic Hash Functions. Ph.D. thesis, KU Leuven (April 2012)Google Scholar
  14. 14.
    Li, Y., Wang, A.: Using genetic algorithm to find near collisions for the compress function of Hamsi-256. In: BIC-TA, pp. 826–829. IEEE (2010)Google Scholar
  15. 15.
    Merkle, R.C.: One Way Hash Functions and DES. In: Brassard [5], pp. 428–446Google Scholar
  16. 16.
    National Institute of Standards and Technology: Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. Federal Register 27(212), 62212–62220 (November 2007),
  17. 17.
    Nikolic, I.: Near Collisions for the Compression Function of Hamsi-256. CRYPTO rump session (2009)Google Scholar
  18. 18.
    Wang, M., Wang, X., Jia, K., Wang, W.: New Pseudo-Near-Collision Attack on Reduced-Round of Hamsi-256. Cryptology ePrint Archive, Report 2009/484 (2009),
  19. 19.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  20. 20.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Mario Lamberger
    • 1
  • Florian Mendel
    • 2
  • Vincent Rijmen
    • 2
  1. 1.NXP SemiconductorsAustria
  2. 2.ESAT/COSIC and IBBTKatholieke Universiteit LeuvenBelgium

Personalised recommendations