Cryptanalysis of FORK-256
T. Peyrin and O. Billet

Abstract: This work exposes a practical attack against the new hash function design FORK-256 proposed by Hong et al. at FSE 2006. Our attack allows to find a collision against a 160-bit truncated version of FORK-256's compression function with a complexity of 249 hash computations and with negligible memory. This has to be compared with the theoretical complexity of 280 hash computations given by the birthday paradox. Additionally, we expose a 1-bit (resp. 2-bit) near-collision attack against the full version of FORK-256 running with a complexity of 2125 (resp. 2120) and with negligible memory, and exhibit a 22-bit near collision. Finally, we discuss very recent independent results about FORK-256, and show how our attack strategy can be used to improve upon these results to yield a collision against the complete version of FORK-256 with a complexity of 2109 hash computations and about 264 memory.

Available material:

See also: