New attacks on Keccak-224 and Keccak-256

Itai Dinur, Orr Dunkelman, Adi Shamir

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The Keccak hash function is one of the five finalists in NIST's SHA-3 competition, and so far it showed remarkable resistance against practical collision finding attacks: After several years of cryptanalysis and a lot of effort, the largest number of Keccak rounds for which actual collisions were found was only 2. In this paper we develop improved collision finding techniques which enable us to double this number. More precisely, we can now find within a few minutes on a single PC actual collisions in standard Keccak-224 and Keccak-256, where the only modification is to reduce their number of rounds to 4. When we apply our techniques to 5-round Keccak, we can get in a few days excellent near collisions, where the Hamming distance is 5 in the case of Keccak-224 and 10 in the case of Keccak-256. Our new attack combines differential and algebraic techniques, and uses the fact that each round of Keccak is only a quadratic mapping in order to efficiently find pairs of messages which follow a high probability differential characteristic.

Original languageEnglish
Title of host publicationFast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers
Number of pages20
StatePublished - 2012
Event19th International Workshop on Fast Software Encryption, FSE 2012 - Washington, DC, United States
Duration: 19 Mar 201221 Mar 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7549 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference19th International Workshop on Fast Software Encryption, FSE 2012
Country/TerritoryUnited States
CityWashington, DC


  • Cryptanalysis
  • Keccak
  • SHA-3
  • collision
  • near-collision
  • practical attack

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'New attacks on Keccak-224 and Keccak-256'. Together they form a unique fingerprint.

Cite this