The recently started SHA-3 competition in order to find a new secure hash standard and thus a replacement for SHA-1/SHA-2 has attracted a lot of interest in the academic world as well as in industry. There are 51 round one candidates building on sometimes very different principles. In this paper, we show how to attack two of the 51 round one hash functions. The attacks have in common that they ...

In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). Stribog is an AES-based primitive and is considered as an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block ciph...

We analyze the Grøstl hash function, which is a 2nd-round candidate of the SHA-3 competition. Using the start-from-the-middle variant of the rebound technique, we show collision attacks on the Grøstl-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities 2 and 2, respectively. Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-224 and -256 hash fun...

EDON-R is one of the candidate hash functions for the ongoing NIST competition for the next cryptographic hash standard called SHA-3. Its construction is based on algebraic properties of non-commutative and non-associative quasigroups of orders 2 and 2. In this paper we are giving some of our results in investigation of the randomness and regularity of reduced EDON-R compression functions over ...

Pseudonym systems allow users to interact with multiple orga nizations anonymously using pseudonyms The pseudonyms cannot be linked but are formed in such a way that a user can prove to one organization a statement about his relationship with another Such a statement is called a credential Previous work in this area did not protect the system against dis honest users who collectively use their ...

In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complementation of whole registers turns out to be very useful for constructing high-probability differential characteristics in the function. We use this approach to find nearcollisions with Hamming weight 32 for the full compression function as well as collisions for the compression function of ARIRANG ...

Hamsi-256 is designed by Özgül Kücük and it has been a candidate Hash function for the second round of SHA-3. The compression function of Hamsi-256 maps a 256-bit chaining value and a 32-bit message to a new 256-bit chaining value. As hashing a message, Hamsi-256 operates 3-round except for the last message it operates 6-round. In this paper, we will give the pseudo-near-collision for 5-round H...