Abstract. In this paper, we present new results on the second-round SHA-3 candidate ECHO. We describe a method to construct a collision in the compression function of ECHO-256 reduced to four rounds in 252 operations on AES-columns without significant memory requirements. Our attack uses the most recent analyses on ECHO, in particular the SuperSBox and SuperMixColumns layers to utilize efficiently the available freedom degrees. We also show why some of these results are flawed and we propose a solution to fix them. Our work improves the time and memory complexity of previous known techniques by using available freedom degrees more precisely. Finally, we validate our work by an implementation leading to near-collisions in 236 operations for ...
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of th...
In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complemen...
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of th...
Abstract. In this paper, we present new results on the second-round SHA-3 candidate ECHO. We describ...
International audienceIn this paper, we present new results on the second-round SHA-3 candidate ECHO...
International audienceECHO-256 is a second-round candidate of the SHA-3 competition. It is an AES-ba...
In this work we present first results for the hash function of ECHO. We provide a subspace distingui...
This paper presents the first non-trivial collision attack on the double-block-length compression fu...
Abstract. In this paper, we focus on the construction of semi-free-start collisions for SHA-256, and...
Abstract. In this work, we introduce a new non-random property for hash/compression functions using ...
The Keccak sponge function family, designed by Bertoni et al. in 2007, was selected by the U.S. Nati...
In a paper published in FSE 2007, a way of obtaining near-collisions and in theory also collisions f...
In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream ci...
In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function L...
The main contributions of this paper are two-fold. Firstly, we present a novel direction in the ...
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of th...
In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complemen...
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of th...
Abstract. In this paper, we present new results on the second-round SHA-3 candidate ECHO. We describ...
International audienceIn this paper, we present new results on the second-round SHA-3 candidate ECHO...
International audienceECHO-256 is a second-round candidate of the SHA-3 competition. It is an AES-ba...
In this work we present first results for the hash function of ECHO. We provide a subspace distingui...
This paper presents the first non-trivial collision attack on the double-block-length compression fu...
Abstract. In this paper, we focus on the construction of semi-free-start collisions for SHA-256, and...
Abstract. In this work, we introduce a new non-random property for hash/compression functions using ...
The Keccak sponge function family, designed by Bertoni et al. in 2007, was selected by the U.S. Nati...
In a paper published in FSE 2007, a way of obtaining near-collisions and in theory also collisions f...
In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream ci...
In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function L...
The main contributions of this paper are two-fold. Firstly, we present a novel direction in the ...
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of th...
In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complemen...
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of th...