Iterative Differentials, Symmetries, and Message Modification in BLAKE-256

ORR DUNKELMAN, Dmitry Khovratovich

Research output: Contribution to conferencePaperpeer-review

Abstract

n this paper we present differential attacks and distinguishers for reduced round variants of the SHA-3 finalist BLAKE-256. Our attacks utilize an iterative differential characteristic, that combined with a rebound process allows finding colliding pairs in the compression function for 3 rounds with complexity
of 260. We then show how to extend this attack to a series of distinguishers up to 6-round BLAKE-256. Even though our attack is not the best in terms in number of rounds, we squeeze out as much as possible of this type of differential attacks. We use neither local collision nor boomerang tricks, which explicitly demonstrating the boundaries of the regular differential approach in attacking BLAKE-256. Additionally, unlike many other attacks on BLAKE-256 that can handle differential characteristics for two rounds at
most, we show that it is possible to find conforming pairs for such differentials (with very little cost) for three rounds, and faster than exhaustive search for six rounds. To overcome the main counter-symmetry operation of BLAKE-256, rotation by 7 bits, we introduce a new tool, a pair of symmetric differentials. Along with the rebound process, our results show that the common
belief that ARX structures offer security against differential attacks due to the low differential probabilities might not hold.
Original languageEnglish
Number of pages13
StatePublished - 2011

Fingerprint

Dive into the research topics of 'Iterative Differentials, Symmetries, and Message Modification in BLAKE-256'. Together they form a unique fingerprint.

Cite this