[Cryptography] Potential Vulnerabilities in SM3 Hash (and Related Algorithms)?

Danny Mitchell fishcustard at gmail.com
Tue Oct 31 07:06:38 EDT 2017

On 30/10/2017, R0b0t1 <r030t1 at gmail.com> wrote:
> A patch to gcrypt was proposed on the mailing list to add SM3, a hash
> function sponsored by a Chinese government body. The function contains
> unjustified changes and picked constants.
> Is it possible the hash function is insecure? I am of the opinion that
> it is, but despite my concerns the patch was merged with gcrypt.
> Respectfully,
>      R0b0t1
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

There have been several cryptanalyses of round-reduced SM3, notably
using boomerang analysis. See

Kircanski, A., and Youssef, A., "Boomerang and Slide-Rotational
Analysis of the SM3 Hash Function" (2012),
https://link.springer.com/chapter/10.1007/978-3-642-35999-6_20, pdf
available at https://eprint.iacr.org/2012/274.pdf

Bai, D., Yu, H., Wang, G., and Wang, X., "Improved Boomerang Attacks
on Round-Reduced SM3 and Keyed Permutation of BLAKE-256" (2013),
https://link.springer.com/chapter/10.1007/978-3-642-39059-3_17, pdf
available at https://eprint.iacr.org/2013/852.pdf

Mendel, F., Nad, T., and Schläffer, M., "Finding Collisions for
Round-Reduced SM3" (2013),
pdf available from

Shen, Y., Bai, D., and Yu, H., "Improved cryptanalysis of step-reduced
SM3" (to be published 2018),
