Difference between revisions of "FORK-256"
From The ECRYPT Hash Function Website
(→Specification) |
(→Collision Attacks) |
||
| Line 63: | Line 63: | ||
volume = {4377}, | volume = {4377}, | ||
isbn = {3-540-69327-0}, | isbn = {3-540-69327-0}, | ||
| − | url = {http:/dx.doi.org/10.1007/11967668_6}, | + | url = {http://dx.doi.org/10.1007/11967668_6}, |
abstract = {FORK-256 is a hash function presented at FSE 2006. Whereas SHA-like designs process messages in one stream, FORK-256 uses four parallel streams for hashing. In this article, we present the first cryptanalytic results on this design strategy. First, we study a linearized variant of FORK-256, and show several unusual properties of this linearized variant. We also explain why the linearized model can not be used to mount attacks similar to the recent attacks by Wang et al. on SHA-like hash functions. Second, we show how collision attacks, exploiting the non-bijectiveness of the nonlinear functions of FORK-256, can be mounted on reduced variants of FORK-256. We show an efficient attack on FORK-256 reduced to 2 streams and present actual colliding pairs. We expect that our attack can also be extended to FORK-256 reduced to 3 streams. For the moment our approach does not appear to be applicable to the full FORK-256 hash function.} } | abstract = {FORK-256 is a hash function presented at FSE 2006. Whereas SHA-like designs process messages in one stream, FORK-256 uses four parallel streams for hashing. In this article, we present the first cryptanalytic results on this design strategy. First, we study a linearized variant of FORK-256, and show several unusual properties of this linearized variant. We also explain why the linearized model can not be used to mount attacks similar to the recent attacks by Wang et al. on SHA-like hash functions. Second, we show how collision attacks, exploiting the non-bijectiveness of the nonlinear functions of FORK-256, can be mounted on reduced variants of FORK-256. We show an efficient attack on FORK-256 reduced to 2 streams and present actual colliding pairs. We expect that our attack can also be extended to FORK-256 reduced to 3 streams. For the moment our approach does not appear to be applicable to the full FORK-256 hash function.} } | ||
</bibtex> | </bibtex> | ||
Revision as of 11:02, 11 March 2008
Contents
1 Specification
- digest size: 256 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 4 streams with each 256-bit chaining variable
- Specification: http://csrc.nist.gov/groups/ST/hash/documents/Sung_FORK-256.pdf
Deukjo Hong, Donghoon Chang, Jaechul Sung, Sangjin Lee, Seokhie Hong, Jaesang Lee, Dukjae Moon, Sungtaek Chee - A New Dedicated 256-Bit Hash Function: FORK-256
- FSE 4047:195-209,2006
- http://dx.doi.org/10.1007/11799313_13
BibtexAuthor : Deukjo Hong, Donghoon Chang, Jaechul Sung, Sangjin Lee, Seokhie Hong, Jaesang Lee, Dukjae Moon, Sungtaek Chee
Title : A New Dedicated 256-Bit Hash Function: FORK-256
In : FSE -
Address :
Date : 2006
Deukjo Hong, Jaechul Sung, Seokhie Hong, Sangjin Lee, Dukjae Moon - A New Dedicated 256-bit Hash Function: FORK-256
- ,2005
- http://csrc.nist.gov/groups/ST/hash/documents/Sung_FORK-256.pdf
BibtexAuthor : Deukjo Hong, Jaechul Sung, Seokhie Hong, Sangjin Lee, Dukjae Moon
Title : A New Dedicated 256-bit Hash Function: FORK-256
In : -
Address :
Date : 2005
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Joseph Lano, Bart Preneel - Cryptanalysis of Reduced Variants of the FORK-256 Hash Function
- CT-RSA 4377:85-100,2007
- http://dx.doi.org/10.1007/11967668_6
BibtexAuthor : Florian Mendel, Joseph Lano, Bart Preneel
Title : Cryptanalysis of Reduced Variants of the FORK-256 Hash Function
In : CT-RSA -
Address :
Date : 2007
