Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)


On October 2-nd 2012 NIST announced its selection of the Keccak scheme as the new SHA-3 hash standard. In this paper we present the first published collision finding attacks on reduced-round versions of Keccak-384 and Keccak-512, providing actual collisions for 3-round versions, and describing an attack which is \(2^{45}\) times faster than birthday attacks for 4-round Keccak-384. For Keccak-256, we increase the number of rounds which can be attacked to 5. All these results are based on a generalized internal differential attack (introduced by Peyrin at Crypto 2010), and use it to map a large number of Keccak inputs into a relatively small subset of possible outputs with a surprisingly large probability. In such a squeeze attack it is easier to find random collisions in the reduced target subset by a standard birthday argument.


Hash function Cryptanalysis SHA-3 Keccak Collisions Internal differentials Squeeze attack 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Computer Science DepartmentThe Weizmann InstituteRehovotIsrael
  2. 2.Computer Science DepartmentUniversity of HaifaHaifaIsrael

Personalised recommendations