Abstract
BLAKE2 is a hash function introduced at ACNS 2013, which has been adopted in many constructions and applications. It is a successor to the SHA-3 finalist BLAKE, which received a significant amount of security analysis. Nevertheless, BLAKE2 introduces sufficient changes so that not all results from BLAKE carry over, meaning new analysis is necessary. To date, all known cryptanalysis done on BLAKE2 has focused on its underlying building blocks, with little focus placed on understanding BLAKE2’s generic security. We prove that BLAKE2’s compression function is indifferentiable from a random function in a weakly ideal cipher model, which was not the case for BLAKE. This implies that there are no generic attacks against any of the modes that BLAKE2 uses.
Highlights
Widespread adoption of cryptographic algorithms in practice often occurs regardless of their scrutiny by the cryptographic community
Since its introduction in 2013, the hash function BLAKE2 has seen quick adoption, despite the fact that it had not received as much analysis as the SHA-3 finalists. It is a modification of the SHA-3 finalist BLAKE, which has high software performance and withstood extensive cryptanalysis [CPB+12, Section 3.1]
Using a weakly ideal block cipher, we prove that the compression function is indifferentiable from a random function up to a query complexity of about $2^{n/2}$, where $n$ is the state size of the compression function
Summary
Widespread adoption of cryptographic algorithms in practice often occurs regardless of their scrutiny by the cryptographic community. Although competitions such as AES and SHA-3 popularize thoroughly analyzed algorithms, they are not the only means with which practitioners find new algorithms. Since its introduction in 2013, the hash function BLAKE2 has seen quick adoption, despite the fact that it had not received as much analysis as the SHA-3 finalists. It is a modification of the SHA-3 finalist BLAKE, which has high software performance and withstood extensive cryptanalysis [CPB+12, Section 3.1]. Properly analyzing the security of the BLAKE2 modes of operation is important.