Partial-Collision Attack on the Round-Reduced Compression Function of Skein-256

Conference paper

DOI: 10.1007/978-3-662-43933-3_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)
Cite this paper as:
Yu H., Chen J., Wang X. (2014) Partial-Collision Attack on the Round-Reduced Compression Function of Skein-256. In: Moriai S. (eds) Fast Software Encryption. FSE 2013. Lecture Notes in Computer Science, vol 8424. Springer, Berlin, Heidelberg


The hash function Skein is one of 5 finalists of the NIST SHA-3 competition. It is based on the block cipher Threefish which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper proposes a free-start partial-collision attack on round-reduced Skein-256 by combing the rebound attack with the modular differential techniques. The main idea of our attack is to connect two short differential paths into a long one with another differential characteristic that is complicated. Following our path, we give a free-start partial-collision attack on Skein-256 reduced to 32 rounds with Hamming distance 50 and complexity about \(2^{85}\) hash computations. In particular, we provide practical near-collision examples for Skein-256 reduced to 24 rounds and 28 rounds in the fixed tweaks and choosing tweaks setting separately.

As far as we know, this is the first construction of a non-linear differential path for Skein which can lead to significantly improvement over previous analysis.


Hash function Near-collision SHA-3 Skein 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Department of Computer Science and TechnologyTsinghua UniversityBeijingChina
  2. 2.Institute for Advanced StudyTsinghua UniversityBeijingChina
  3. 3.Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, School of MathematicsShandong UniversityJinanChina

Personalised recommendations