@inproceedings{6a0ab650f45d4469bb6e5ca45a0387ba,
title = "An improved algebraic attack on Hamsi-256",
abstract = "Hamsi is one of the 14 second-stage candidates in NIST's SHA-3 competition. The only previous attack on this hash function was a very marginal attack on its 256-bit version published by Thomas Fuhr at Asiacrypt 2010, which is better than generic attacks only for very short messages of fewer than 100 32-bit blocks, and is only 26 times faster than a straightforward exhaustive search attack. In this paper we describe a different algebraic attack which is less marginal: It is better than the best known generic attack for all practical message sizes (up to 4 gigabytes), and it outperforms exhaustive search by a factor of at least 512. The attack is based on the observation that in order to discard a possible second preimage, it suffices to show that one of its hashed output bits is wrong. Since the output bits of the compression function of Hamsi-256 can be described by low degree polynomials, it is actually faster to compute a small number of output bits by a fast polynomial evaluation technique rather than via the official algorithm.",
keywords = "Algebraic attacks, Hamsi, hash functions, second preimages",
author = "Itai Dinur and Adi Shamir",
year = "2011",
month = jul,
day = "11",
doi = "10.1007/978-3-642-21702-9_6",
language = "American English",
isbn = "9783642217012",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "88--106",
booktitle = "Fast Software Encryption - 18th International Workshop, FSE 2011, Revised Selected Papers",
note = "18th International Workshop on Fast Software Encryption, FSE 2011 ; Conference date: 13-02-2011 Through 16-02-2011",
}