FORK-256

FORK-256 is a hash algorithm designed in response to security issues discovered in the earlier SHA-1 and MD5 algorithms. After substantial cryptanalysis, the algorithm is considered broken.

Background
In 2005, Xiaoyun Wang announced an order-$$2^{63}$$ collision attack on the government's hash standard SHA-1. The National Institute of Standards and Technology (NIST), the body responsible for setting cryptographic standards in the United States, concluded this was a practical attack (as previous estimates were order-$$2^{80}$$) and began encouraging additional research into hash functions and their weaknesses. As part of this effort, NIST hosted two workshops where potential new algorithms, including FORK-256, were introduced and discussed. Rather than immediately select any of these algorithms, NIST conducted a public competition from 2007–2012 which ultimately resulted in the Keccak algorithm being selected for use as the SHA-3 standard.

Algorithm and Analysis
FORK-256 was introduced at the 2005 NIST Hash workshop and published the following year. FORK-256 uses 512-bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256-bit block through four branches that divides each 512 block into sixteen 32-bit words that are further encrypted and rearranged.

The initial algorithm garnered significant cryptanalysis, summarized in (Saarinen 2007). Matusiewicz et al. (2006) discovered a collision attack with complexity of $$2^{126.6}$$. Mendel et al. (2006) independently derived a similar attack. The following year Matusiewicz's team improved their attack to no worse than $$2^{108},$$ and (Contini 2007) demonstrated a practical implementation of the attack.

In response to these attacks, Hong and his team proposed an improved version of FORK-256. Markku-Juhani Saarinen derived a $$2^{112.9}$$-complexity attack again the improved algorithm. By way of comparison, the eventual SHA-3 standard withstands up to an order-$$2^{128}$$ attack.

Deployment
FORK-256 was added to the Botan cryptographic library after its introduction. Botan developer Jack Lloyd removed the algorithm in 2010 after concluding the hash suffered from several weaknesses and had never become widely used.