Twister – A Framework for Secure and Fast Hash Functions

  • Ewan Fleischmann
  • Christian Forler
  • Michael Gorski
  • Stefan Lucks
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)


In this paper we present Twister, a new framework for hash functions. Twister incorporates the ideas of wide pipe and sponge functions. The core of this framework is a – very easy to analyze – Mini-Round providing both extremely fast diffusion as well as collision-freeness for one Mini-Round. The total security level is claimed to be not below 2 n/2 for collision attacks and 2 n for 2nd pre-image attacks. Twister instantiations are secure against all known generic attacks. We also propose three instances Twister-n for hash output sizes n = 224,256,384,512. These instantiations are highly optimized for 64-bit architectures and run very fast in hardware and software, e.g Twister-256 is faster than SHA2-256 on 64-bit platforms and Twister-512 is faster than SHA2-512 on 32-bit platforms. Furthermore, Twister scales very well on low-end platforms.


Hash Function Sponge Function AES HAIFA Wide pipe Randomized Hashing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J.J., Kelsey, J., Shamir, A., Zimmer, S.: Second Preimage Attacks on Dithered Hash Functions. In: Smart [39], pp. 270–288 (2008)Google Scholar
  2. 2.
    Aumasson, J.-P., Meier, W., Phan, R.C.-W.: The Hash Function Family LAKE. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 36–53. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Radiogatun, a belt-and-mill hash function. Presented at Second Cryptographic Hash Workshop, Santa Barbara (August 24-25, 2006) (2006),
  4. 4.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge Functions. Ecrypt Hash Workshop (2007),
  5. 5.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the Sponge Construction. In: Smart [39], pp. 181–197 (2008)Google Scholar
  6. 6.
    Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin [19], pp. 290–305 (2004)Google Scholar
  7. 7.
    Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer [14], pp. 36–57 (2005)Google Scholar
  8. 8.
    Biham, E., Dunkelman, O.: A Framework for Iterative Hash Functions - HAIFA. Cryptology ePrint Archive, Report 2007/278 (2007)Google Scholar
  9. 9.
    Biryukov, A. (ed.): FSE 2007. LNCS, vol. 4593. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  10. 10.
    Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)zbMATHGoogle Scholar
  12. 12.
    De Cannière, C., Rechberger, C.: Finding SHA-1 characteristics: General results and applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    Cramer, R. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  15. 15.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)CrossRefzbMATHGoogle Scholar
  16. 16.
    Damgård, I.: A Design Principle for Hash Functions. In: Brassard [11], pp. 416–427 (1989)Google Scholar
  17. 17.
    Deam, R.D.: Formal Aspects of Mobile Code Security. Ph.D. dissertation, Princeton University (1999)Google Scholar
  18. 18.
    Dobbertin, H.: Cryptanalysis of MD4. J. Cryptology 11(4), 253–271 (1998)CrossRefzbMATHGoogle Scholar
  19. 19.
    Franklin, M. K. (ed.): CRYPTO 2004. LNCS, vol. 3152. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  20. 20.
    Gorski, M., Lucks, S., Peyrin, T.: Slide Attacks on Hash Functions. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 143–160. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Hong, D., Chang, D., Sung, J., Lee, S.-J., Hong, S.H., Lee, J.S., Moon, D., Chee, S.: A New Dedicated 256-Bit Hash Function: FORK-256. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 195–209. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin [19], pp. 306–316 (2004)Google Scholar
  23. 23.
    Kelsey, J., Kohno, T.: Herding Hash Functions and the Nostradamus Attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Kelsey, J., Schneier, B.: Second Preimages on n-Bit Hash Functions for Much Less than 2\(^{\mbox{n}}\) Work. In: Cramer [14], pp. 474–490 (2005)Google Scholar
  25. 25.
    Knudsen, L.R.: SMASH - A Cryptographic Hash Function. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 228–242. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  26. 26.
    Knudsen, L.R., Rechberger, C., Thomsen, S.S.: The Grindahl Hash Functions. In: Biryukov [9], pp. 39–57 (2007)Google Scholar
  27. 27.
    Lucks, S.: A Failure-Friendly Design Principle for Hash Functions. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. 28.
    MacWilliams, F.I., Sloane, N.J.A.: The Theory of Error-Correcting Codes (1977)Google Scholar
  29. 29.
    Matusiewicz, K., Peyrin, T., Billet, O., Contini, S., Pieprzyk, J.: Cryptanalysis of FORK-256. In: Biryukov [9], pp. 19–38 (2007)Google Scholar
  30. 30.
    Mendel, F., Schläffer, M.: Collisions for Round-Reduced LAKE. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 267–281. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  31. 31.
    Merkle, R.C.: One Way Hash Functions and DES. In: Brassard [11], pp. 428–446 (1989)Google Scholar
  32. 32.
    National Institute of Standards and Technology. Cryptographic Hash Project,
  33. 33.
    National Institute of Standards and Technology. FIPS 180-1: Secure Hash Standard (April 1995),
  34. 34.
    National Institute of Standards and Technology. FIPS 180: Secure Hash Standard (1993),
  35. 35.
    Peyrin, T.: Cryptanalysis of Grindahl. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 551–567. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  36. 36.
    Pramstaller, N., Rechberger, C., Rijmen, V.: Breaking a New Hash Function Design Strategy Called SMASH. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 233–244. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  37. 37.
    Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58–71. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  38. 38.
    Rivest, R.: The MD5 Message-Digest Algorithm (1992)Google Scholar
  39. 39.
    Smart, N.P. (ed.): EUROCRYPT 2008. LNCS, vol. 4965. Springer, Heidelberg (2008)zbMATHGoogle Scholar
  40. 40.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer [14], pp. 1–18 (2005)Google Scholar
  41. 41.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  42. 42.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer [14], pp. 19–35 (2005)Google Scholar
  43. 43.
    Yi, X., Cheng, S.X., You, X.H., Lam, K.Y.: A Method for Obtaining Cryptographically Strong 8x8 S-boxes. In: IEEE Global Telecommunications Conference, GLOBECOM 1997, vol. 2, pp. 689–693 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ewan Fleischmann
    • 1
  • Christian Forler
    • 2
  • Michael Gorski
    • 1
  • Stefan Lucks
    • 1
  1. 1.Bauhaus-University WeimarGermany
  2. 2.Sirrix AG Security TechnologiesGermany

Personalised recommendations