In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addition and combining it with the notion of m−fold...

We explore the feasibility of applying SAT solvers to optimizing implementations of small functions such as S-boxes for multiple optimization criteria, e.g., the number of nonlinear gates and the number of gates. We provide optimized implementations for the S-boxes used in Ascon, ICEPOLE, Joltik/Piccolo, Keccak/Ketje/Keyak, LAC, Minalpher, PRIMATEs, Prøst, and RECTANGLE, most of which are candi...

We benchmarked many implementations of all remaining SHA-3 candidate algorithms on several platforms. The benchmarking method used in this report is called XBX, short for eXternal Benchmarking eXtension, an extension of the SUPERCOP-eBASH framework [7] that allows benchmarking small devices. For details on how XBX works, please see [3]. The main sources of candidate implementations were SUPERCO...

The structure of K allows a fair amount of diversity in the way it can be implemented. However, it is o en not trivial to select the optimal options in given circumstances, and sometimes one may even not be aware of all of K ’s implementation techniques. We here briefly present different techniques, referring to external documents for the details. K defines a family of sponge functions with sev...

In this paper, we investigate the security of SHA-3 candidate BLAKE. We analyse the propagation of differences that are rotation-invariant in the internal function G. We show that by using them, it is possible to obtain near-collisions for the compression function reduced to 4 rounds out of 10. We also discuss the security of some variants of BLAKE.

In this paper we present results of uniform logical cryptanalysis method applied to cryptographic hash function CubeHash. During the last decade, some of the most popular cryptographic hash functions were broken. Therefore, in 2007, National Institute of Standards and Technology (NIST), announced an international competition for a new Hash Standard called SHA-3. Only 14 candidates passed first ...

BLAKE is a hash function selected by NIST as one of the 14 second round candidates for the SHA-3 Competition. In this paper, we follow a bottom-up approach to exhibit properties of BLAKE and of its building blocks: based on differential properties of the internal function G, we show that a round of BLAKE is a permutation on the message space, and present an efficient inversion algorithm. For 1....

Recent years have witnessed an exceptional research interest in cryptographic hash functions, especially after the popular attacks against MD5 and SHA-1 in 2005. In 2007, the U.S. National Institute of Standards and Technology (NIST) has also significantly boosted this interest by announcing a public competition to select the next hash function standard, to be named SHA-3. Not surprisingly, the...

In this paper we present a comprehensive comparison of all Round 3 SHA-3 candidates and the current standard SHA-2 from the point of view of hardware performance in modern FPGAs. Each algorithm is implemented using multiple architectures based on the concepts of folding, unrolling, and pipelining. Trade-offs between speed and area are investigated, and the best architecture from the point of vi...

The submissions to the SHA-3 competition include a reference implementation in C, built on top of a standard programmer's interface (API). This greatly improves the evaluation process: it enables portability across platforms, and it makes performance comparison of the algorithms easy. For hardware crypto-implementations, such a standard interface does not exist. As a result, the evaluation and ...