Cryptanalysis of the LAKE hash family

Alex Biryukov*, Praveen Gauravaram, Jian Guo, Dmitry Khovratovich, San Ling, Krystian Matusiewicz, Ivica Nikolić, Josef Pieprzyk, Huaxiong Wang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

4 Citations (Scopus)


We analyse the security of the cryptographic hash function LAKE-256 proposed at FSE 2008 by Aumasson, Meier and Phan. By exploiting non-injectivity of some of the building primitives of LAKE, we show three different collision and near-collision attacks on the compression function. The first attack uses differences in the chaining values and the block counter and finds collisions with complexity 233. The second attack utilizes differences in the chaining values and salt and yields collisions with complexity 242. The final attack uses differences only in the chaining values to yield near-collisions with complexity 299. All our attacks are independent of the number of rounds in the compression function. We illustrate the first two attacks by showing examples of collisions and near-collisions.

Original languageEnglish
Title of host publicationFast software encryption
Subtitle of host publication16th International Workshop, FSE 2009, Leuven, Belgium, February 22-25, 2009, Revised Selected Papers
EditorsOrr Dunkelman
Place of PublicationBerlin
PublisherSpringer, Springer Nature
Number of pages24
ISBN (Print)3642033164, 9783642033162
Publication statusPublished - 2009
Event16th International Workshop on Fast Software Encryption, FSE 2009 - Leuven, Belgium
Duration: 22 Feb 200925 Feb 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5665 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349


Other16th International Workshop on Fast Software Encryption, FSE 2009


Dive into the research topics of 'Cryptanalysis of the LAKE hash family'. Together they form a unique fingerprint.

Cite this