Subspace distinguisher for 5/8 rounds of the ECHO-256 hash function

Authors:
Martin Schläffer
Affiliations:
Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria
Venue:
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Year:
2010

Citing 13
Cited 3

The Design of Rijndael

The Design of Rijndael
A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Wide Trail Design Strategy

Proceedings of the 8th IMA International Conference on Cryptography and Coding
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Cryptanalysis of Luffa v2 components

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Understanding two-round differentials in AES

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Rebound attacks on the reduced grøstl hash function

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Practical near-collisions and collisions on round-reduced ECHO-256 compression function

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Rebound attack on JH42

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Improved analysis of ECHO-256

SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work we present first results for the hash function of ECHO. We provide a subspace distinguisher for 5 rounds and collisions for 4 out of 8 rounds of the ECHO-256 hash function. The complexities are 296 compression function calls for the distinguisher and 264 for the collision attack. The memory requirements are 264 for all attacks. To get these results, we consider new and sparse truncated differential paths through ECHO. We are able to construct these paths by analyzing the combined MixColumns and BigMixColumns transformation. Since in these sparse truncated differential paths at most one fourth of all bytes of each ECHO state are active, missing degrees of freedom are not a problem. Therefore, we are able to mount a rebound attack with multiple inbound phases to efficiently find according message pairs for ECHO.