Security Analysis of SIMD
In this paper the authors study the security of the SHA-3 candidate SIMD. They first show a new free-start distinguisher based on symmetry relations. It allows distinguishing the compression function of SIMD from a random function with a single evaluation. However, they also show that this property is very hard to exploit to mount any attack on the hash function because of the mode of operation of the compression function. Essentially, if one can build a pair of symmetric states, the symmetry property can only be triggered once. In the second part, they show that a class of free-start distinguishers is not a threat to the wide-pipe hash functions.