Improved collision attacks on the reduced-round Grøstl hash function

Authors:
Kota Ideguchi;Elmar Tischhauser;Bart Preneel
Affiliations:
Katholieke Universiteit Leuven, ESAT-COSIC andSystems Development Laboratory, Hitachi, LTD., Yokohama, Kanagawa, Japan;Katholieke Universiteit Leuven, ESAT-COSIC and IBBT, Heverlee, Belgium;Katholieke Universiteit Leuven, ESAT-COSIC and IBBT, Heverlee, Belgium
Venue:
ISC'10 Proceedings of the 13th international conference on Information security
Year:
2010

Citing 11
Cited 2

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of GRINDAHL

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Understanding two-round differentials in AES

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Rebound attacks on the reduced grøstl hash function

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Rebound attack on JH42

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Internal differential collision attacks on the reduced-round GrØstl-0 hash function

Designs, Codes and Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We analyze the Grøstl hash function, which is a 2nd-round candidate of the SHA-3 competition. Using the start-from-the-middle variant of the rebound technique, we show collision attacks on the Grøstl-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities 248 and 2112, respectively. Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-224 and -256 hash functions reduced to 7 rounds and the Grøstl-224 and -256 compression functions reduced to 8 rounds. Our attacks are based on differential paths between the two permutations P and Q of Grøstl, a strategy introduced by Peyrin to construct distinguishers for the compression function. In this paper, we extend this approach to construct collision and semi-freestart collision attacks for both the hash and the compression function. Finally, we present improved distinguishers for reduced-round versions of the Grøstl-224 and -256 permutations.