[Resource Topic] 2006/317: Weaknesses of the FORK-256 compression function

Welcome to the resource topic for 2006/317

Weaknesses of the FORK-256 compression function

Authors: Krystian Matusiewicz, Scott Contini, Josef Pieprzyk


This report presents analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different variants of FORK-256. As a simple application of those observations we present a method of finding chosen IV collisions for a variant of FORK-256 reduced to two branches : either 1 and 2 or 3 and 4. Moreover, we present how those differentials can be used in the full FORK-256 to easily find messages with hashes differing by only a relatively small number of bits. We argue that this method allows for finding collisions in the full function with complexity not exceeding 2^{126.6} hash evaluations, better than birthday attack and additionally requiring only a small amount of memory.

ePrint: https://eprint.iacr.org/2006/317

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .