Using carry-truncated addition to analyze add-rotate-xor hash algorithms
This work addresses security vulnerabilities in widely used hash functions like Blake and Skein, though it is incremental as it builds on existing analysis methods.
The authors tackled the analysis of ARX hash functions by introducing a truncated addition operation that approximates ordinary addition, enabling them to define a sensitivity metric to measure approximation effectiveness. They found that this approximation reduces complexity, making algorithms like Skein more vulnerable to attacks, with a potential collision attack outlined.
We introduce a truncated addition operation on pairs of N-bit binary numbers that interpolates between ordinary addition mod 2^N and bitwise addition in (Z/2Z)^N. We use truncated addition to analyze hash functions that are built from the bit operations add, rotate, and xor, such as Blake, Skein, and Cubehash. Any ARX algorithm can be approximated by replacing ordinary addition with truncated addition, and we define a metric on such algorithms which we call the {\bf sensitivity}. This metric measures the smallest approximation agreeing with the full algorithm a statistically useful portion of the time (we use 0.1%). Because truncated addition greatly reduces the complexity of the non-linear operation in ARX algorithms, the approximated algorithms are more susceptible to both collision and pre-image attacks, and we outline a potential collision attack explicitly. We particularize some of these observations to the Skein hash function.