FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium
Fast Software Encryption
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Cryptanalysis of Luffa v2 components
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Higher-order differential properties of KECCAK and Luffa
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Finding collisions for reduced Luffa-256 v2
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Second-Order differential collisions for reduced SHA-256
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
In this paper, a higher order differential attack on the hash function Luffa v1 is discussed. We confirmed that the algebraic degree of the permutation Qj which is an important non-linear component of Luffa grows slower than an ideal case both by the theoretical and the experimental approaches. According to our estimate, we can construct a distinguisher for step-reduced variants of Luffa v1 up to 7 out of 8 steps by using a block message. The attack for 7 steps requires 2216 messages. As far as we know, this is the first report which investigates the algebraic property of Luffa v1. Besides, this attack does not pose any threat to the security of the full-step of Luffa v1 nor Luffa v2.