# Hamsi

## 1 The algorithm

Özgül Küçük - The Hash Function Hamsi
Submission to NIST (updated), 2009
[Electronic Edition] [Bibtex]
Author : Özgül Küçük
Title : The Hash Function Hamsi
In : Submission to NIST (updated) -

Özgül Küçük - The Hash Function Hamsi
Submission to NIST, 2008
[Electronic Edition] [Bibtex]
Author : Özgül Küçük
Title : The Hash Function Hamsi
In : Submission to NIST -

## 2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.

Recommended security parameters: (3,6) P,Pf rounds (n=224,256); (6,12) P,Pf rounds (n=384,512).

### 2.1 Hash function

Here we list results on the actual hash function. The only allowed modification is to change the security parameter.

 Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference 2nd-preimage hash function 256 (3,6) 2247 ? Dinur,Shamir 2nd-preimage hash function 256 (3,6) 2251.3 ? Fuhr

### 2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

 Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference distinguisher output transformation 256 6 rounds 210 - Boura,Canteaut semi-free-start near-collisions compression function 256 2 rounds example - Turan,Uyan observations hash function all Gligoroski distinguisher output transformation 224, 256 6 rounds 2124.3 Aumasson et al. distinguisher permutation 224, 256 6 rounds 228 Aumasson et al. free-start near-collision compression function 224, 256 3 rounds 226 Aumasson et al. non-randomness compression function 224, 256 5 rounds Aumasson free-start near-collision compression function 224, 256 3 rounds 221 Nikolic distinguisher compression function 224, 256 6 rounds 227 Aumasson,Meier distinguisher compression function 384, 512 12 rounds 2729 Aumasson,Meier free-start near-collision compression function 224, 256 3 rounds 25 Wang,Wang,Jia,Wang free-start near-collision compression function 224, 256 4 rounds 232 Wang,Wang,Jia,Wang free-start near-collision compression function 224, 256 5 rounds 2125 Wang,Wang,Jia,Wang message-recovery compression function 224, 256 3 rounds 210.48 Calik,Turan pseudo-2nd-preimage hash function 256 (3,6) rounds 2254.25 Calik,Turan

Itai Dinur, Adi Shamir - An Improved Algebraic Attack on Hamsi-256
Cryptology ePrint Archive, Report 2010/602, 2010
[Electronic Edition] [Bibtex]
Author : Itai Dinur, Adi Shamir
Title : An Improved Algebraic Attack on Hamsi-256
In : Cryptology ePrint Archive, Report 2010/602 -
[Abstract]

Christina Boura, Anne Canteau - Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256
In Proceedings of SAC, LNCS, pp. , Springer, 2010
[Electronic Edition] [Bibtex]
Author : Christina Boura, Anne Canteau
Title : Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256
In : In Proceedings of SAC -
[Abstract]

Meltem Sönmez Turan, Erdener Uyan - Practical Near-Collisions for Reduced Round Blake, Fugue, Hamsi and JH
Second SHA-3 Candidate Conference, 2010
[Electronic Edition] [Bibtex]
Author : Meltem Sönmez Turan, Erdener Uyan
Title : Practical Near-Collisions for Reduced Round Blake, Fugue, Hamsi and JH
In : Second SHA-3 Candidate Conference -
[Abstract]

Thomas Fuhr - Finding Second Preimages of Short Messages for Hamsi-256
In Advances in Cryptology - ASIACRYPT 2010, Proceedings, 2010
[Electronic Edition] [Bibtex]
Author : Thomas Fuhr
Title : Finding Second Preimages of Short Messages for Hamsi-256
In : In Advances in Cryptology - ASIACRYPT 2010, Proceedings -

Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
NIST mailing list, 2010
[Electronic Edition] [Bibtex]
Author : Danilo Gligoroski
Title : Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
In : NIST mailing list -

Jean-Philippe Aumasson, Emilia Käsper, Lars Ramkilde Knudsen, Krystian Matusiewicz, Rune Ødegaard, Thomas Peyrin, Martin Schläffer - Distinguishers for the compression function and output transformation of Hamsi-256
In Proceedings of ACISP, LNCS 6168, pp. 87-103, Springer, 2010
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson, Emilia Käsper, Lars Ramkilde Knudsen, Krystian Matusiewicz, Rune Ødegaard, Thomas Peyrin, Martin Schläffer
Title : Distinguishers for the compression function and output transformation of Hamsi-256
In : In Proceedings of ACISP -
[Abstract]

Jean-Philippe Aumasson - On the pseudorandomness of Hamsi
NIST mailing list (local link), 2009
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson
Title : On the pseudorandomness of Hamsi
In : NIST mailing list (local link) -

Ivica Nikolic - Near Collisions for the Compression Function of Hamsi-256
CRYPTO rump session, 2009
[Electronic Edition] [Bibtex]
Author : Ivica Nikolic
Title : Near Collisions for the Compression Function of Hamsi-256
In : CRYPTO rump session -

Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
NIST mailing list, 2009
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson, Willi Meier
Title : Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
In : NIST mailing list -
[Abstract]

Meiqin Wang, Xiaoyun Wang, Keting Jia, Wei Wang - New Pseudo-Near-Collision Attack on Reduced-Round of Hamsi-256
Cryptology ePrint Archive, Report 2009/484, 2009
[Electronic Edition] [Bibtex]
Author : Meiqin Wang, Xiaoyun Wang, Keting Jia, Wei Wang
Title : New Pseudo-Near-Collision Attack on Reduced-Round of Hamsi-256
In : Cryptology ePrint Archive, Report 2009/484 -
[Abstract]

Cagdas Calik, Meltem Sonmez Turan - Message Recovery and Pseudo-Preimage Attacks on the Compression Function of Hamsi-256
Cryptology ePrint Archive, Report 2010/057
[Electronic Edition] [Bibtex]
Author : Cagdas Calik, Meltem Sonmez Turan
Title : Message Recovery and Pseudo-Preimage Attacks on the Compression Function of Hamsi-256
In : Cryptology ePrint Archive, Report 2010/057 -
[Abstract]