Abstract
Blue Midnight Wish (BMW) is one of the fastest SHA-3 candidates
in the second round of the competition. In this paper we study
the compression function of BMW and we obtain practical partial collisions
in the case of BMW-256: we show a pair of inputs so that 300
pre-specified bits of the outputs collide (out of 512 bits). Our attack requires
about 232 evaluations of the compression function. The attack can
also be considered as a near-collision attack: we give an input pair with
only 122 active bits in the output, while generic algorithm would require
255 operations for the same result. A similar attack can be developed
for BMW-512, which will gives message pairs with around 600 colliding
bits for a cost of 264. This analysis does not affect the security of the
iterated hash function, but it shows that the compression function is far
from ideal.
We also describe some tools for the analysis of systems of additions
and rotations, which are used in our attack, and which can be useful for
the analysis of other systems.
| Original language | English |
|---|---|
| Title of host publication | Lecture Notes in Computer Science |
| Editors | Antoine Joux |
| Volume | 6733 |
| Publisher | Springer |
| Publication date | 2011 |
| Pages | 238-251 |
| Publication status | Published - 2011 |
| Event | 18th International Workshop on Fast Software Encryption - Lyngby, Denmark Duration: 14 Feb 2011 → 16 Feb 2011 http://fse2011.mat.dtu.dk/ |
Workshop
| Workshop | 18th International Workshop on Fast Software Encryption |
|---|---|
| Country/Territory | Denmark |
| City | Lyngby |
| Period | 14/02/2011 → 16/02/2011 |
| Internet address |