Cryptanalysis of the ESSENCE family of hash functions

Authors:
Nicky Mouha;Gautham Sekar;Jean-Philippe Aumasson;Thomas Peyrin;Søren S. Thomsen;Meltem Sönmez Turan;Bart Preneel
Affiliations:
Department of Electrical Engineering ESAT, SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium and Interdisciplinary Institute for BroadBand Technology, Belgium;Department of Electrical Engineering ESAT, SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium and Interdisciplinary Institute for BroadBand Technology, Belgium;FHNW, Windisch, Switzerland;Ingenico, France;Department of Mathematics, Technical University of Denmark, Lyngby, Denmark;National Institute of Standards and Technology;Department of Electrical Engineering ESAT, SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium and Interdisciplinary Institute for BroadBand Technology, Belgium
Venue:
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Year:
2009

Citing 8
Cited 1

Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Leakage-Resilient Cryptography

FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
A Leakage-Resilient Mode of Operation

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Hash functions and the (amplified) boomerang attack

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Cryptanalysis of ESSENCE

FSE'10 Proceedings of the 17th international conference on Fast software encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

ESSENCE is a family of cryptographic hash functions, accepted to the first round of NIST's SHA-3 competition. This paper presents the first known attacks on ESSENCE. We present a semi-free-start collision attack on 31 out of 32 rounds of ESSENCE-512, invalidating the design claim that at least 24 rounds of ESSENCE are secure against differential cryptanalysis. We develop a novel technique to satisfy the first nine rounds of the differential characteristic. Nonrandomness in the outputs of the feedback function F is used to construct several distinguishers on a 14-round ESSENCE block cipher and the corresponding compression function, each requiring only 217 output bits. This observation is extended to key-recovery attacks on the block cipher. Next, we show that the omission of round constants allows slid pairs and fixed points to be found. These attacks are independent of the number of rounds. Finally, we suggest several countermeasures against these attacks, while still keeping the design simple and easy to analyze.