Cryptanalysis of ESSENCE

Authors:
María Naya-Plasencia;Andrea Röck;Jean-Philippe Aumasson;Yann Laigle-Chapuy;Gaëtan Leurent;Willi Meier;Thomas Peyrin
Affiliations:
INRIA, Project-team SECRET, France;Aalto University School of Science and Technology, Finland;Nagravision SA, Cheseaux, Switzerland;INRIA, Project-team SECRET, France;Ecole Normale Supérieure, Paris, France;FHNW, Windisch, Switzerland;Ingenico, France
Venue:
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Year:
2010

Citing 11
Cited 0

A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Keying Hash Functions for Message Authentication

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities

EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
New key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Cryptanalysis of the ESSENCE family of hash functions

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

ESSENCE is a hash function submitted to the NIST Hash Competition that stands out as a hardware-friendly and highly parallelizable design. Previous analysis showed some non-randomness in the compression function which could not be extended to an attack on the hash function and ESSENCE remained unbroken. Preliminary analysis in its documentation argues that it resists standard differential cryptanalysis. This paper disproves this claim, showing that advanced techniques can be used to significantly reduce the cost of such attacks: using a manually found differential characteristic and an advanced search algorithm, we obtain collision attacks on the full ESSENCE-256 and ESSENCE- 512, with respective complexities 267.4 and 2134.7. In addition, we show how to use these attacks to forge valid (message, MAC) pairs for HMAC-ESSENCE-256 and HMAC-ESSENCE-512, essentially at the same cost as a collision.